HJT Log + SpyBot/SpyHunter Results --- Thank You.
Make sure it is set to Instant Notification, then click Subscribe. sorry to be so long winded. The following programs have all failed to be helpful in this regard- KillBox Hijack This Clamwin Blacklist Winsock Repair Tool Symantec Sysclean Stinger CWShredder Coolwwwsearch removal tool VundoFix AVG Antivirus Tweaknow After downloading the tool, disconnect from the internet and disable all antivirus protection. have a peek at these guys
You are running it from the ZIP file which is what we specically request you not do. Ive Try to get help at the Spybot forum but i haven´t got a response yet, Ive Upload a HJT LOG , am unable to get the other two logs cause Look for the Error>  .Right click on the Error> Properties> . Here in the forums, replies are posted to topics only.
Does it show you to be a Member of: Administators If not, you need to reboot in safe mode and log in as Administrator (that should be an account name). C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program etc.
It is still part of the same issue and does not belong in a new thread. You show heavy use of uTorrent and it appears you have pirated software: Microsoft.Windows.XP.Professional.SP3.Integrated.April.2009.Corporate.Unattended-UP2DATE.torrent c:\documents and settings\Owner\Application Data\uTorrent\ First.Aid.Platinum.v22.214.171.1248.Multilingual.Incl.Keymaker.torrent SpyHunter Security Suite 3.5.11+Crack-HeartBug.torrent Since you are getting help and acting on just thought I would add my 2 cents.... And as usual, "My Documents" mysteriously opened.
Sorry to ask what might be such a simplistic question... All rights reserved. Already have an account? To be old and wise you have to first be young and stupid. 02-02-2012, 11:45 AM #15 Amit_Sardal Registered Member Join Date: Jan 2012 Posts: 14 OS: win
but to me it would seem that to just wipe out the OS and rebuild it means the keylogger/hijacker won (and it cost me some bucks to show I lost). Please copy and paste the contents of that file here. We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum. Jun 20, 2009 #11 (You must log in or sign up to reply here.) Show Ignored Content Topic Status: Not open for further replies.
He felt that it would wipe everything clean and be back to normal, with SP2 now as an upgrade.... Do you get any error messages? I rarely use IE and have those settings in IE only when I use it directly with the tunneler(I try to stay away from active X scripting and have IE set any chance I have been infected with something new? --geeksoncall suspected xofspy had something to do with the keylogger or CWS but prior to approx 3/1 i had never seen either
HJT Log + SpyBot/SpyHunter Results --- thank you. D: is FIXED (NTFS) - 931 GiB total, 660.137 GiB free. A case like this could easily cost hundreds of thousands of dollars. C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe Not only that....
So after generating it, I have to search for it and then copy paste the results. Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a Please disable all security programs, such as antiviruses, antispywares, and firewalls. I have the Mcafee firewall and virus scan always on, But part of your initial suggestions to me was not to have both avast and Mcafee.
I tried to go into the location and it showed nothing in the folder....weird Regarding CWS overall, seems to be reappearing so perhaps when I ran the spysweeper in safe mode Attach log. Nothing goofy has been going on to prompt me to see some of the websites showing up from CWS.
I will go back and follow your instructions from your tutorial and let you know what I find prior to posting any hijack this logs Just wanted to hear from anyone
Click Do a system scan and save a logfile. The hijackthis.log text file will appear on your desktop. Check the files on the log, then research if they are Click on Reboot Now. Please run all of the READ ME. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Amit12 at 23:53:33 on 2012-02-01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.752 [GMT 5.5:30] .
mindnmuscl2, Mar 11, 2005 #19 chaslang MajorGeeks Admin - Master Malware Expert Staff Member Too many questions and you still did not do what I requested in message # 18. You may need to be logged in as Administrator. So it looks as though all my work was not able to detect or cleanup the ardamax keylogger. I like my current system, I am in process of receiving a new laptop in next 2 weeks but would like to salvage my desktop and use it as a spare.
Page 1 of 2 1 2 > Thread Tools Search this Thread 01-12-2012, 02:33 AM #1 Amit_Sardal Registered Member Join Date: Jan 2012 Posts: 14 OS: win xp Finished : << RKreport.txt >> RKreport.txt 02-01-2012, 11:51 AM #9 Amit_Sardal Registered Member Join Date: Jan 2012 Posts: 14 OS: win xp sp3 CKScanner - Additional Security Risks I will post the HJT log if you will ok it. I then manually went into a few of the hidden directories and deleted the copies it had made of itself.
chaslang, Mar 9, 2005 #16 mindnmuscl2 Private E-2 Sorry to continue stumbling....I kept the CWS thread separate because I am not savvy enough to know if I have one large problem Post your HJT log. I rebooted in safe mode w/o networking and unplugged my computer from our network to ensure no other computers were infected. But what is funny, I am not seeing my browser being overtly hijacked....
In safe mode, disconnected from my DSL a full scan of "hard drive c:\ " did not expose any ardamax kaylogger extensions( I think it is akl.exe extension). OK.. Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/20/2011 9:02:16 PM System Uptime: 1/31/2012 2:46:09 PM (33 hours ago) . See: http://www.spywarewarrior.com/rogue_anti-spyware.htm Here are the steps you need to follow (completely): To help us to best help you, please follow the steps below closely and in the order given and do
Stinger and sysclean have now both cleared me of any trojan infections. I have seen no proof of a CWS infection in your system. It inexplicably closes and up pops the "Windows is running in safemode message" as it restarts. I found your site on 3/5 and ran your full test based on the 6/22 posting disabling spyware, malware, etc on before asking for help.
No issues reported f) Symantec Security-normal mode, could not connect to internet in safe. In order to find out what entries are nasty and what are installed by the user, you need some background information.A logfile is not so easy to analyze. It does not look to be like something was added without user consent. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.
This infection should not be confused with the legitimate AOL file which can be found here. Also take a look at the info here: http://labs.paretologic.com/spyware.aspx?remove=Ardamax Seems to say Xoftspy is supposed to remove Ardamax??? Earlier when I first posted my problem, I could access Wikipedia..but not for the past 2 days.