Spyware, but where

underworld288

New Member
I scanned my whole computer with Panda's online scanner, to check to see if I had any infections, and well, it found 47 spyware and 3 potentially unwanted tools, but when I scanned my PC with Spybot and Ad-Aware I only found 36 spyware. Does anyone know how to find/get rid of the other spyware and unwanted tools?
 
Is your computer running slow, or anything? What anti-virus, spyware, malware programs have you got? If you've got AVG, AdAware, Spybot, that's what I was going to tell you to download. Make sure they're all up to date, and take the computer off the network by unplugging the Ethernet cord or disabling the connection (you can always enable it again). Scan with the scanners and delete everything they find; that should do it. Let us know how it goes.
 
If you downloaded and tried out a shareware, not freeware, program you will often see some large number of things found that in fact may just be a selling gimmick where you need to buy the full version for the price they list in order to have everything fixed. AdAware SE Personal along with Spybot Search & Destroy generally will find most bugs, as well as running Grisoft's AVG Free edition that includes an email scanner and automatic updates. One other tool commonly used to track a limited amount of questionable things found in the system registry is called HijackThis, where you can save a log and post it here to be looked over. This won't always catch everything (there's no one utility that will do that) but can help when looking for the obvious items to remove. One free version can be downloaded at http://www.spychecker.com/program/hijackthis.html

Sometimes the more clever adwares may appear as spyware since they can hide as a portion of a recent program you may have downloaded. Briefly last year until the end of December with the Microsoft AntiSpyware Remover and more recently the Windows Defender beta 2 anything that tries to install to your system with or without your knowledge first sees a warning message pop up on your screen. That is free to try out at http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en
For the free version of AVG 7.1 antivirus utility that can also catch spywares trying to get on your system, http://free.grisoft.com/doc/2/lng/us/tpl/v5
To run HijackThis and post a log, choose the first option at the top of the screen there for the "run a system scan and save logfile" in order to copy and paste the logfile here. That can be looked over to further instruct on how to remove any "questionable" items found in the system registry.
 
Logfile of HijackThis v1.99.1
Scan saved at 10:04:48 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
F:\WINDOWS\system32\WinSys.exe
F:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\Program Files\Comodo\Personal Firewall\CPF.exe
F:\Program Files\Comodo\LaunchPad\CLPTray.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\Program Files\dvd43\dvd43_tray.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\Comodo\Personal Firewall\cmdagent.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
F:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\WgaTray.exe
F:\Program Files\mozilla.org\Mozilla\mozilla.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\DOCUME~1\UNDERW~1\LOCALS~1\Temp\Rar$EX00.062\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.97.237.145:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - F:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - F:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [SW20] F:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] F:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "F:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys] F:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Comodo Personal Firewall] F:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] F:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dvd43] F:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FreeRAM XP] "F:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Reg.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - F:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - F:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nTune Service (nTuneService) - Unknown owner - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - F:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe





There is the HijackThis log.
 
Besides a pair of files missing for Windows Messenger, the first item to be noticed here is "O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - F:\WINDOWS\system32\acs.exe (file missing)" as well as possible problems regarding the Mario Forever toolbar. Some of the toolbars like this can either be seen as an adware/spyware/browser hijacker, etc. while not being a problem. Others seem to have built-in adware.

Apparently you have a video file missing as well. O23 - Service: nTune Service (nTuneService) - Unknown owner - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
The rest of the post here doesn't reveal any particular bugs while there can be things hidden deeper in the registry itself. The first item would be easily removed by using the "fix" button after putting a check on that item alone. The other is part of the NVidia software package where you can either put a check on that if no problems have been with it missing or reinstall your video software to repair that one item.
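The manual review in the reply above (picking out entries marked "(file missing)" and services listed with "Unknown owner") can be automated over a saved HijackThis logfile. This is an added example, not part of the original thread; the function names are hypothetical, and the sample is an excerpt of lines copied from the log posted above.

```python
import re

# Excerpt of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - F:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - F:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (code, body) pairs; the header and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag_entries(entries):
    """Flag entries whose target file is gone or whose service owner is unknown."""
    findings = []
    for code, body in entries:
        reasons = []
        if body.endswith(MISSING):
            reasons.append("file missing")
        if code == "O23":
            # O23 layout: "Service: <name> - <owner> - <path>"
            parts = body.split(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                reasons.append("unknown owner")
        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_entries(parse_entries(SAMPLE_LOG)):
        print(finding["code"], ", ".join(finding["reasons"]), "|", finding["entry"])
```

The flags only mark entries for a human to look at; as the reply notes, a missing file can simply be a leftover from uninstalled software.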
 
Actually, now my Windows XP won't even let me sign into my account, so I guess that stuff that was wrong finally messed up the partition, so I'll have to reinstall anyway.
 
jp198780 said:
If you can, just reinstall, easiest way.

A repair install may or may not work if "something"? still remains hidden on the drive. Often using a restore point to Windows running then temporarily turning off the creation of new restore points to run deep scans will help clean off anything hidden. The use of different programs can also help in finding anything buried deep in folders or even the system registry appearing as Windows files. But you may still have to manually remove anything found.
 