TechTalkz.com Technology & Computer Troubleshooting Forums: Computer Security

Major spyware issues - anti-malware software hasn't worked yet

01-06-2008, 04:29 AM   #1
Cambion (Thread Starter)

This might end up getting slightly long-winded, and I apologize if this gets too lengthy.

My computer has been infected with something for the last couple of months, in which time I have tried just about every possible solution under the sun to cure the infection. I have installed more anti-malware software than I care to think about, run numerous scans using each of them, and yet the problem persists.

What I am seeing is my wallpaper is non-existent, having been replaced with an error stating that "your computer has several fatal errors due to spyware activity", along with pop-ups from the bar in the bottom-right corner of the screen telling me my computer is infected and constant pop-ups every time I go to a new link that tell me my computer is infected. I know for a fact these are fake because the grammar on them is wrong, and I know Microsoft is not that incompetent as to make such mistakes.

Here are the programs I have used to try and deal with this problem:

- SpyBot Search and Destroy
- AdAware (still have)
- Norton
- McAfee
- SuperAntiSpyware
- AVG
- Avast!
- Panda
- Spyware Doctor (gives me the blue screen of death after scanning about 6000 files)
- HiJackThis
- CounterSpy
- Advanced Spyware Remover
- SpyBlaster

With each of the programs that could successfully complete scans, they found numerous infections, including Smitfraud and TrojanFakeAlert. Each program claimed to quarantine and remove the infections...but when I would run yet another scan to check and make sure, all those same files that were said to have been removed were still there.

I have tried going in and manually removing the offending files, only to have them re-appear or have my computer tell me those files can't be deleted.

Because of these infections, I cannot access my Task Manager (I get told that 'access has been disabled by administration'), I can't have a wallpaper, and most recently, Firefox cannot open and I had to go back to Internet Explorer (which means many more pop-ups). Also, recently, every time I attempt to access a site from a results list in a search engine, I get redirected to a site called Searchpils.com.

________________________________________

I am very much at the end of my rope. I have tried everything except restoring a registry from the past (which I have since learned is not a good idea), re-installing Windows, which I really do not want to do unless it is my only option to save my computer from being rendered useless....and throwing my laptop across the room (it fixed my GameBoy, so this is starting to seem like a good solution).

I have tried the manual removal of Smitfraud files, but I cannot find them, which leads me to believe either Smitfraud got removed and I didn't know it, or it has somehow infected my system so the files it puts into my system do not show up via system searches.

Does anyone have any suggestions for a solution?

01-06-2008, 07:49 AM   #2
Strider (Webmaster)

Ok, so I assume there is more than one infection in your computer. Looks like the best way out is a Windows XP reinstall.

But since you don't want to try it as the first option, we will give it a try.

I need you to do a few things to get started.
  1. Go to Add/Remove programs and uninstall all the unnecessary applications including the security products. If possible remove all of them, unless it's critical for you.

  2. Once the un-installation process is completed, reboot your computer. Then download Hijackthis, run it and attach the log file here.

    http://www.trendsecure.com/portal/en...HJTInstall.exe

  3. Download ESET NOD32 Trial, install it, update definitions and do a scan.

    http://download.eset.com/eval/win/eav/eav_nt32_enu.msi

  4. Reboot into Windows safe mode (by repeatedly tapping the F8 key during boot), open System Management Utility (Start > Run > msconfig > Enter).
    • From the Startup tab uncheck all entries except egui (if it's there).
    • In the Services tab first tick the Hide all Microsoft Services option. Now uncheck all unnecessary services except Eset ones.

  5. Reboot into normal mode.

All the best.

01-06-2008, 02:09 PM   #3
bakuryu

And run the scans in Safe Mode after DISABLING System restore.

01-06-2008, 04:58 PM   #4
Cambion (Thread Starter)

I apologize if this sounds ignorant, but will any of this delete any of my files (images, video, etc.)? I only ask so I can put everything I don't want to lose on disks.

01-06-2008, 08:13 PM   #5
bakuryu

Quote:
I apologize if this sounds ignorant, but will any of this delete any of my files (images, video, etc.)? I only ask so I can put everything I don't want to lose on disks.

No, however if the virus/spyware affects any of your image/video files (rare case -- they generally attach themselves to exe files), and if the anti-virus fails to clean it, then it may delete or quarantine the files.

02-06-2008, 01:45 AM   #6
Cambion (Thread Starter)

Okay. Thank you for clarifying.

I will try the above suggestions tomorrow. I did, however, use a new anti-malware software today with a tiny bit of success. Malware Sweeper got rid of whatever was giving me the error message on my wallpaper *joy*.

02-06-2008, 07:33 PM   #7
Cambion (Thread Starter)

I installed the ESET NOD32 trial, but it made my computer freeze up to the point where I could not open any programs or at times would not even allow me to log in. So, I restarted in Safe Mode and got rid of ESET NOD32 since it did not seem to help.

Here is the logfile from the HiJackThis scan (oddly enough, trying to access the TXT file via Notepad caused Notepad to shut down before I could read it):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:14 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\PeoplePC\ISP6600\Browser\Bartshel.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\VnrPack\VnrPack16.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\PeoplePC\ISP6600\Browser\PPShared.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL
O2 - BHO: SSV - {69F6C0AE-0C78-4999-B6D1-62932A265C5D} - C:\WINDOWS\UNOPUS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: CNi***tBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6600\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Umbra\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe"
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/din...2.1.0.0.53.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: isigc70 - isigc70.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14134 bytes

There were about ten more files in that log, but they all said "no file" at the end, which I had to assume meant they could be removed.
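
An added example, not part of any post in this thread: a short Python triage pass over HijackThis-format lines such as those in the log above. The sample lines are copied from that log; the function names and the five heuristics are assumptions chosen for illustration, not HijackThis features, and a flag is a prompt for manual review rather than a verdict.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Sample input: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSV - {69F6C0AE-0C78-4999-B6D1-62932A265C5D} - C:\WINDOWS\UNOPUS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Umbra\LOCALS~1\Temp\ie.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: isigc70 - isigc70.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Core Windows XP process names; each one appears in the log's running-process list.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)


def one_edit_apart(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and the running-process list are skipped
        code, body = m.group("code"), m.group("body")
        found = PATH.search(body)
        path = found.group(0).lower() if found else ""
        name = basename(path)
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("referenced file not found on disk")
        if code == "O4" and "\\temp\\" in path:
            reasons.append("autorun launches from a Temp directory")
        if code in ("O4", "O23") and any(one_edit_apart(name, s) for s in SYSTEM_NAMES):
            reasons.append("file name is one character off a core Windows process name")
        if code == "O2" and path and "\\program files\\" not in path \
                and "\\progra~1\\" not in path:
            reasons.append("browser helper object loaded from outside Program Files")
        if code == "O18" and "text/html" in body:
            reasons.append("filter registered on text/html, the content type of web pages")
        findings.extend((code, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```

Each flagged entry still needs its file checked on disk (location, signer, creation date) before anything is fixed or deleted in HijackThis.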

02-06-2008, 07:57 PM   #8
bakuryu

You have too many anti-virus and anti-spyware programs.

Uninstall all of them, keeping Spybot S&D and Adaware.
And for anti-virus install ESET NOD32, then upon reboot, wait for some time -- sometimes it seems to freeze, but it's just NOD32 scanning all startup files in the background, and having so many anti-viruses might cause conflicts and slowdowns leading to a complete system freeze.

Your HJT log file seems clean, except for some missing files, which are not causing your problems.

03-06-2008, 01:53 AM   #9
Cambion (Thread Starter)

AdAware and SpyBot S&D were actually uninstalled prior to running HiJackThis, so I'm not sure why they showed up on the log file. I decided to keep Malware Sweeper since it found a lot of stuff neither SpyBot nor AdAware picked up. I cannot remove Norton because my computer won't let me - it says I need the disk, which I do not have because Norton was already on here when I got the computer (I got it new).

Gosh, I never thought I could have too much protection from malware. Currently, the only programs I have on here are Malware Sweeper, HiJackThis, Norton and McAfee (the last two were both on here when I got the laptop). I will try ESET NOD32 again and see if it freezes up my screen again.

03-06-2008, 07:35 AM   #10
Strider (Webmaster)

You should be able to uninstall McAfee. If possible remove it. Multiple security products will only do harm to your PC.

Or at least stop them from running in the startup. Then try installing NOD32.

Quote:
# Reboot into Windows safe mode (by repeatedly tapping the F8 key during boot), open System Management Utility (Start > Run > msconfig > Enter).
* From the Startup tab uncheck all entries except egui (if it's there).
* In the Services tab first tick the Hide all Microsoft Services option. Now uncheck all unnecessary services except Eset ones.
# Reboot into normal mode.

Now try these tools:
F-Secure BlackLight Rootkit Elimination
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

Sophos Anti-Rootkit 1.3.1
http://www.sophos.com/support/cleaners/sarsfx.exe

Microsoft RootkitRevealer v1.71
http://download.sysinternals.com/Fil...itRevealer.zip

All times are GMT.