I noticed that you are runing HJT v1.99.

It comes with an extra added bonus. Before clicking scan, click 'Config...' on the bottom right. From there, select 'Misc Tools' and then 'Open Process...

Okay - what a nightmare thisone has been.

Finally got a copy off of the MS website of a product called Microsoft-AntiSpyware. I ran it first, then ran the SE addition of AdAware.

Antispyware...

Okay - May have found the culprit but am running some tests to find out. Seems that one of the anti-spyware apps on the next looked at everything running in memory and tells you who created it, if...

Crunchie:

Here's the deal:
I go in an kill all running tasks that include wiwqww, hzhxhh and huhfhh.
I then delete all of these files and the eoesee.dll. I then run adaware se and everything is...

All done as requested, though the Find-it still created a number of output logs. I did look at the file and you're right, it doesn't look as if it completed - interesting. Also - when I went into my...

Crunchie -

Downloaded and ran as instructed. Qoologic.bat only created one file: log.txt:
+++++++++++++++++++++++++++++++++++++++++++++++++++++
C:\Documents and Settings\GavzyA\Desktop ...

Also - found this file when I did a search for wiwqww:

WIWQWW.EXE-0CBA861F.pf under the c:\windows\prefetch subdirectory - what the blue blazes is a prefetch?

I'm looking at the file and it seems to indicate that wiwqww is still there, I've checked, its not.


Also, should I be questioning the existance of hzhxhh.exe as well?
As always - thanks...

Process killed and deleted. File downloaded and run - here's the log:

By the way - why is it that when you have 'spyware' on your pc, the pop-ups you get are for spyware cleaners? Makes you...

Crunchie:

Did what you had asked (and also did some other things last night).
Last nite - enabled system restore boot. Went in this morning and erased EVERYTHING that had a creation date of...

Crunchie:

Good to hear from you again - this one has been a real pain in the butt! And the pop-ups are becoming VERY annoying!

Downloaded the Symantic tool and tried to run - it kept getting...

All:

Seems that my recycle bin, though it has entries, is also not showing those entries when opened and will not delete
Thanks
agavzy

Gents:
Every now and then I decide to run a HiJack this in order to seew hat's in there and make sure all is clean.

Ran this morning and got the following log. I went through and ran the...

Note -

MSN has updated its homepage and it is now centered.
THis can be closed

All:

Had a few nasties/trojans/adware issues but was able to clean them all.

My home page is www.msn.com (http://www.msn.com). Usually, when going to the homepage, all of the...

Seems to be fixed!

Thanks for the link - we can close the thread now:mrgreen: :mrgreen: :) :)

All:

A friend was recently hijacked and with the help of the folks from that forum was able to get everythng cleaned off. At this point the pc is clean as a whistle - well it can't actually...

Caperjack -
Completed all as instructed - last log attached - unless you see anything else, looks like we can close this one out.
As always, thanks for your help - I'll take a look at the other...

Caperjack:

Had determined that wuclient was the main culprit (saw another posting on CastleCops). Have downloaded the trojan app and will rerun as well as getting rid of the others and willpost...

Sorry all - Looks like it wasn't fixed after all. Rebooted and ran an HJT and its back - guess we're still looking for the culprit:

___________________________________________________________...

Caperjack (et.al)

Seems I went back into HJT and got rid of the marked files again:
c:\windows\system32\iverxape
c:\windows\system32\peseuidim.exe
c:\windows\system32\reavvi.dll...

Caperjack:

Thanks for the links to the info - perhaps I'll be able to help others in the future easier!

Went through and did all as requested.
There were 5 files that could not be removed by...

All:

Seems another of my friends has been hijacked (I'm becoming known for helping some of the folks out here with this little problem thanks to you all!)

In any event - I've attached the...

All:

Problem is solved:
For those of you that end up with the same problem:
goto to http://support.microsft.com and download the latest version of IE with the service packs. THen:
1.

While...

:cry: All:

I got hit with a nasty spyware bug that some of the other moderators were kind enough to help me reomve from my system. SInce doing so, however, I keep getting the following message...

:mrgreen: Im free! I'm free!!

By the by - you may want to check out www.download.com (http://www.download.com)
They have a spyware section with all kinds of stuff.
I downloaded two of the ad...

Interestingly enough, my Recyclebin had been showing as blank. I just checked, however and items are now appearing, so that's a good thing.

Also - for whatever reason, after running HJT, the...

All:

I have a dell system running XP pro. I had moved the original maxtor 30gb hard-drive from the master to the slave position due to some issues caused by my son (still alive, for the time...

Crunchie:

the following logs are attached:

DLLCompare:) , VX2:) , notify.reg:) , HijackThis:-|
Seems to be clean with the exception of the HJT which is showing some items I'm not sure of. ...

Crunchie:

Guard.tmp not found, other files run through killbox and deleted (reran DLLCompare on c:\windows with subdirectories and it came up clean)

Attached is result of notify.reg - PLease...

Crunchie:
Also just realized that I ran the DLLcompare against c:\windows\system32
Should it have been run against c:\windows?
I ran it there and got the following log:

* DLLCompare Log...

Crunchie:

Ran the DLLcompare the second time and it still showed the
C:\WINDOWS\SYSTEM32\ibmpagnt.dll
Ran it a third time, showed the above file and one other.
Ran the Kill and the compare...

Crunchie:
New HJT installed and ready to go

Log file from VX2Finder:
Log for VX2.BetterInternet File Finder
Files Found---

Guardian Key--- is called:
Asynchronous 000
DllName

Crunchie -

Still seem to be getting pop-ups -
Have posted the latesd log
Pop up is : http://www.seeq.com/popupwrapper.jsp?track=true&referrer=&domain=theplaceforcollectibles.com&direct=true...

:) Crunchie!
From the log - it would seem that all has been fixed
PLease let me know if you see anything else

THanks!
ALso - WOuld like to do something approrpiate for the folks at DaniWeb....

Crunchie:

Did as instructed, though I did not see the 2 apps running in the task mamanger - rebooted in safe mode and deleted the files.

Attached are the two logs as well as a new HJT

Thank...

I did - somehow reposted the wrong log -

Latest attached, but some of the 015 entries would not go away, no matter ho many times I clicked 'fix'. ALso, now have 2 BHO entries!

PLease help!!...

DMR:

Done as requested - new log attached:
PLease help!

Logfile of HijackThis v1.98.2
Scan saved at 5:53:32 PM, on 12/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet...

Caperjack:

Ran the virus checker - came up clean
Took the system off the net and reran the Spybot, Adaware and CWShredder for good measure. Also ran the LSPfix. There were actually 2 protocol...

Gents
Posting this for a friend that has been hijacked.
Have all of the components necessary:

Adaware, Spybot, CWShredder, etc.
Attached is latest HijackThis Log:

PLease advise as to which...