Status
Not open for further replies.
1 - 7 of 7 Posts

· Registered
Joined
·
79 Posts
Discussion Starter · #1 ·
Every time I go online I receive an ad saying that I have Spyware installed on my computer, so I downloaded Spyhunter and the scan came up with 31 Spyware applications in my registry, memory, and files on my hard drive. I couldn't delete them with the free Spyhunter download, so I bought GhostSurf Pro, scanned the registry, hard drive, and the memory, and none of the Spyware that SpyHunter showed me appeared in the search, and I view the reports of the items listed and all of them say that they are not a Spyware application. I bought GhostSurf Pro because it allows you to surf anonymously and most importantly it is supposed to delete the Spyware. How can I get the GhostSurf Pro to get all of the Spyware listed and deleted off of my computer? If anyone has a GhostSurf Pro, PLEASE respond to this and tell me what I need to do.
Thanks
 

· Registered
Joined
·
16,832 Posts
Please get Spybot S&D to clear out any spyware.
http://www.safer-networking.org/index.php?page=mirrors

Install the program and open it.

Before doing any scanning click Online and Search for Updates.
Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished have Spybot fix all it finds marked in red.

Then after reboot:
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
 

· Registered
Joined
·
5,845 Posts
I'm not familiar with SurfGhost Pro, but it sounds to me like you have been suckered. ANY time you get something popping up when you are on line telling you there is something wrong with your computer IGNORE IT.

As far as spyware is concerned, there is a good bet if you didn't have spyware on your computer before all this, you do now.

There are FREE downloads available that are very effective in dealing with spyware and all kinds of nasties. I use them regularly and help others interpret them on forums like this when I can.

Two of the best progs are Spybot S&D and AdAware. To get them, set them up and run them, do the following:

Download Spybot S&D. Install Spybot, open it and click the Search for Updates button. When updates are found, put a check mark next to all and click the Download Updates button. Now click the Search & Destroy icon in the left pane, then the Check for problems button at the bottom of the window. When the scan completes, check all the items in RED, then click the Fix Selected Problems button.

Reboot your computer

Next, download AdAware. Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning Engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click Proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next)

Reboot your computer.

These two steps should get rid of most any malware you have on your computer. If you still have any concerns, you can download HiJackThis. This program collects all the information needed to evaluate your computer for operating anomalies. It does, however, require interpretation by people trained in its use. So what you do after you get the program is run a scan then paste the scan here in a post.

If you wish to do this, first create a folder in C:\Program Files titled HiJackThis. Now click Here and download the file to the new folder. Close all other windows, including this and any other browser windows. Launch HJT and click the Scan button. When the scan is complete the Scan button will have changed to Save Log. Click that and save the log to the HJT folder. Now open the saved log file. In the toolbar under Edit, select Select All, then copy (Ctrl+C) the text. Open your browser to this thread and paste (Ctrl+V) the text in a reply. DO NOT CHANGE ANYTHING YET. Most of what is listed is harmless or even essential for system operation. Wait for someone here to analyze the log and make recommendations. There is a safety net in that HJT backs up anything it removes. So you CAN restore a file if necessary.
 

· Registered
Joined
·
5,845 Posts
mobo... One of these days I'm gonna remember to refresh the page BEFORE I post a reply so I can see if anyone else has posted while I was formulating mine. Oh well... I suppose too much input is better than no input at all.

Ray
 

· Registered
Joined
·
79 Posts
Discussion Starter · #6 ·
Logfile of HijackThis v1.97.7
Scan saved at 3:11:41 AM, on 3/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\dp-k13w13.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.blazefind.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {9CFD7F05-2908-46DA-B38C-B4F5BF994AE8} - C:\WINDOWS\f9SNj9jem.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Research (HKLM)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.5741319444
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF3B66B-2A79-4DFC-989E-E8BA7FFE3E0E}: NameServer = 198.81.17.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EF3B66B-2A79-4DFC-989E-E8BA7FFE3E0E}: NameServer = 198.81.17.134
 

· Registered
Joined
·
16,832 Posts
Rescan and put a check next to each of these, then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9CFD7F05-2908-46DA-B38C-B4F5BF994AE8} - C:\WINDOWS\f9SNj9jem.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe

Then reboot into safe mode and delete:
C:\WINDOWS\System32\dp-k13w13.exe
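
For readers working through a HijackThis log like the one posted in this thread, the following is an added example (not part of any post here, and not HijackThis's or the responders' own method) that parses the `CODE - detail` entry lines and builds a review-first queue. The sample lines are copied from the log above; the three review rules and all function names are illustrative assumptions that produce things to look at, not verdicts, so false positives are expected.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9CFD7F05-2908-46DA-B38C-B4F5BF994AE8} - C:\WINDOWS\f9SNj9jem.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF3B66B-2A79-4DFC-989E-E8BA7FFE3E0E}: NameServer = 198.81.17.134
"""

# What each HijackThis section code in this log refers to.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "R3": "URL search hook", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry",
            "O16": "ActiveX download", "O17": "DNS/name server setting"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.I)

def parse(log):
    """Turn each 'CODE - detail' line into a dict; header and process lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, detail = m.groups()
            path = WIN_PATH.search(detail)
            out.append({"code": code, "kind": SECTIONS.get(code, "other"),
                        "detail": detail, "path": path.group(0) if path else None})
    return out

def review_notes(entry):
    """Assumed heuristics: reasons to look at an entry first, not proof of malware."""
    notes = []
    if entry["detail"].endswith("(no file)"):
        notes.append("registry entry points at a missing file")
    if "ProxyServer" in entry["detail"] and "127.0.0.1" in entry["detail"]:
        notes.append("IE proxy points at a local port; identify the listening program")
    p = entry["path"] or ""
    if entry["code"] in ("O2", "O4") and re.fullmatch(r"(?i)c:\\windows(\\system32)?\\[^\\]+", p):
        notes.append("loads from the Windows directory; confirm the file is expected there")
    return notes

def triage(log):
    """Return (code, path or detail, notes) for every entry with at least one note."""
    return [(e["code"], e["path"] or e["detail"], n)
            for e in parse(log) for n in [review_notes(e)] if n]
```
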
 