Major Spyware Problem...Please Help!

Didn't you already have a thread started with this problem in it:

http://forums.majorgeeks.com/showthread.php?t=52525

Why did you start a new one? You just need to be patient? It's been very busy here and you just drifted down the stack a little. A friendly "bump" to remind us would be better.

I don't see where anyone asked you to post a HijackThis log.

You need to first follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

 

By the way 'services.exe' is not necessarily a trojan. If it is running from the correct location it is a valid windows process. You need to be careful what you read and how you interprete it.

 

Adding a message to your thread would bring it back to the top. So something like:

Can anyone please help me with this I'm still having a problem and it looks like I slipped way down to page x and no one is seeing my message anymore?


The sooner you run all the steps of the READ ME FIRST the sooner we will get you fixed up.

After doing ALL of the READ ME, if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

This is not always a good thing to do. You really should only work your problem at one place or the other. Working both at the same time can confuse the people helping you because we know nothing about what is going on elsewhere.


Also your services.exe is still probably okay.

The bad one is typically called service.exe.


It is asociated with the W32.Randex.R trojan and when executed, it copies itself to one of the following locations:

%System%\service.exe
%System%\svhost.exe
%System%\pointer32.exe

 

If you the dialers are running services, then services.exe would have to run.

If you ran all the steps post the HJT log as requested. Make sure you follow those directions though!

 

Re: HIJACKTHIS Log: Major Spyware Problem...Please Help!

Please stop creating new threads! Stay in one thread until the problems are resolved.
I'm merging you back to the other thread!

 

Re: HIJACKTHIS Log: Major Spyware Problem...Please Help!

You did not follow the directions on where to install HJT too. You have it here:
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

Please install it correctly before continuing!

You should not be installing programs there! You also put SpySweeper there:
O4 - HKCU\..\Run: [SpySweeper] "C:\Documents and Settings\Owner\Desktop\Hassan's Folder\Spy Sweeper\SpySweeper.exe" /0

That folder should be used for Documents and or Settings for each user. Programs really should be installed in most cases to their default folders which is normally under C:\Program Files

Will the run elsewhere? Yes? But this is a bad practice and can lead to problems?

 

Stop complaining! All I did was tell you how to do it properly. You have open at least 3 threads on this problem already. Look at message #4.

If you want help, all we ask is for you to follow directions. That I can and do expect. If you don't understand a direction or a procedure. Then ask questions but in the same thread.

If you READ the FAQs and the stickies in the forums which they clearly tell you to do, all of this would be apparent.

 

If you right click on the Desktop icon what information do you get about it. Like Target, Start in information.

You need to download LSP - Fix

NOW: Unzip it and run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the xfire_lsp_10650.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move xfire_lsp_10650.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.


Now run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O13 - DefaultPrefix:
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3bereich.de/InstallationsAssistent.ocx
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba842.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: kavsvc - Unknown - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)

Do you know what this below item is for? If not, fix it too.
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe


After clicking Fix, exit HJT.

Now reboot and post a new HJT log. Are you still having a problem?

 

You're welcome. But you really should post the follow up HJT log to make sure!