| ||
| Please Help! I have a big Spyware Problem
I cannot install or uninstall anything at all. The progress bar stays at 0%. I believe this is spyware or maybe even a virus. I have tried SpyBot and a few other Spyware programs, and I've deleted all I could find. But after every scan, more come. I tried loading in safe mode, but I can't do anything that way, everything is so limited. Please help as this is one of my most desperate times. :cry: :sad:
P.S. I added a picture of my Task Manager |
| ||
| Re: Please Help! I have a big Spyware Problem
I know you already ran some of these, just do the ones you haven't used yet.

Download and run this fully working 30 day trial version of Trojan Hunter. http://www.misec.net/trojanhunter/?aff=12129

Download CWShredder from HERE and run the program in safe mode. Press the "Fix Button". Let it fix all variants.
Next, close the program and all windows and IE windows and run hijackthis and post a fresh log.
Reboot to SAFE mode to run CWShredder.
How to start computer in safe mode

Then these 2 programs: Ad-Aware and Spybot.
Download the latest version of Ad-Aware at ADAWARE
Setup Ad-Aware. After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."
Launch the program, and click on the Gear at the top of the start screen.
Click the "Scanning" button. Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.
Under Memory & Registry, select all options.
Click the "Advanced" button. Under "Log-file detail", select all options.
Click the "Tweaks" button. Under "Scanning Engine", select the following: "Include additional Ad-aware settings in logfile" and "Unload recognized processes during scanning."
Under "Cleaning Engine", select the following: "Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed.

Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner here.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isn’t infected, click "Close".
If your computer is infected: Select "Clean System". Reboot your computer. Scan your computer with Ad-Aware. Remove any VX2 objects detected. Reboot your computer again. Run a second scan to make sure the files have been removed from your computer.

Download SPYBOT
After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds.
How to setup Ad-Aware and Spy-Bot S&D: check my signature for details.

And after that, please do the following:
Get the latest version of Hijackthis, 1.98. Download 'Hijack This!' HERE. Download link is on the left.
Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, then Ctrl-A to Select All, and copy its contents here.
For hijackthis, most of what it lists will be harmless or even essential, don't fix anything yet.
Reboot and post a new log. |
| ||
| Re: Please Help! I have a big Spyware Problem Thanks for your help, I did everything you told me (scanned with ad-aware, spybot...etc.) And here is the current hijackthis log Logfile of HijackThis v1.97.7 Scan saved at 6:09:29 PM, on 8/1/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\PackethSvc.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\winlog.exe C:\Program Files\Common Files\WinTools\WToolsS.exe C:\WINDOWS\system32\winel.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\ALGATEWAY.EXE C:\WINDOWS\mfcsn32.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\WinTools\WToolsA.exe C:\Program Files\Yahoo!\browser\YBrowser.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Microsoft Works\MSWorks.exe C:\Program Files\HJT\HijackThis.exe C:\Program Files\Microsoft Works\wkswp.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlsuw.dll/sp.html#37049 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xlsuw.dll/index.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xlsuw.dll/index.html#37049 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlsuw.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xlsuw.dll/index.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xlsuw.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ptgstototpfcbn.com/6VTa9f...g0TCA33w_s.jpg R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40 R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.pqsgygfubztbdglz.com/6VTa9fLZanhuDaMSZAjaTMcg9Bo7OPZC/i1MxMndAfQ.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) O2 - BHO: (no name) - {7EFD4A6B-37E1-C72F-2816-ABB5899646D5} - C:\WINDOWS\system32\javazt32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Dvd Dash] C:\PROGRA~1\SUPPOR~1\drvwarnhide.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ManagerOnceMapiAcid] C:\Documents and Settings\All Users\Application Data\poll ace manager once\Movestyle.exe O4 - HKLM\..\Run: [Application Layer Gateway] ALGATEWAY.EXE O4 - HKLM\..\Run: [mfcsn32.exe] C:\WINDOWS\mfcsn32.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Windows Login] winlog.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe O4 - HKLM\..\RunServices: [Windows Login] winlog.exe O4 - HKLM\..\RunServices: [WUPDATE16] wupdate16.exe O4 - HKLM\..\RunServices: [virsscan] C:\WINDOWS\System32\WinT\scsaver.exe O4 - HKLM\..\RunServices: [Virtual System Monitor] pmfdsd.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKLM\..\RunOnce: [winel.exe] C:\WINDOWS\system32\winel.exe O4 - HKLM\..\RunOnce: [addkx.exe] C:\WINDOWS\addkx.exe O4 - HKLM\..\RunOnce: [iesk.exe] C:\WINDOWS\system32\iesk.exe O4 - HKLM\..\RunOnce: [atlql.exe] C:\WINDOWS\atlql.exe O4 - HKLM\..\RunOnce: [mfcmo.exe] C:\WINDOWS\mfcmo.exe O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\mfclh.exe O4 - HKLM\..\RunOnce: [addtb32.exe] C:\WINDOWS\addtb32.exe O4 - HKLM\..\RunOnce: [crmj.exe] C:\WINDOWS\system32\crmj.exe O4 - HKLM\..\RunOnce: [ipos32.exe] 
C:\WINDOWS\system32\ipos32.exe O4 - HKLM\..\RunOnce: [sdkwi.exe] C:\WINDOWS\sdkwi.exe O4 - HKLM\..\RunOnce: [netwd32.exe] C:\WINDOWS\system32\netwd32.exe O4 - HKLM\..\RunOnce: [apiyf32.exe] C:\WINDOWS\system32\apiyf32.exe O4 - HKLM\..\RunOnce: [ipbh32.exe] C:\WINDOWS\ipbh32.exe O4 - HKLM\..\RunOnce: [mfclx32.exe] C:\WINDOWS\mfclx32.exe O4 - HKLM\..\RunOnce: [winwj.exe] C:\WINDOWS\system32\winwj.exe O4 - HKLM\..\RunOnce: [ntqr.exe] C:\WINDOWS\system32\ntqr.exe O4 - HKLM\..\RunOnce: [apple.exe] C:\WINDOWS\apple.exe O4 - HKLM\..\RunOnce: [ntqb32.exe] C:\WINDOWS\ntqb32.exe O4 - HKLM\..\RunOnce: [ntoi32.exe] C:\WINDOWS\ntoi32.exe O4 - HKLM\..\RunOnce: [addoh32.exe] C:\WINDOWS\addoh32.exe O4 - HKLM\..\RunOnce: [crus.exe] C:\WINDOWS\system32\crus.exe O4 - HKLM\..\RunOnce: [atlti32.exe] C:\WINDOWS\atlti32.exe O4 - HKLM\..\RunOnce: [mfcso32.exe] C:\WINDOWS\mfcso32.exe O4 - HKLM\..\RunOnce: [atlpz32.exe] C:\WINDOWS\atlpz32.exe O4 - HKLM\..\RunOnce: [ienu.exe] C:\WINDOWS\system32\ienu.exe O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINDOWS\crvh.exe O4 - HKLM\..\RunOnce: [ipip32.exe] C:\WINDOWS\ipip32.exe O4 - HKLM\..\RunOnce: [crin.exe] C:\WINDOWS\system32\crin.exe O4 - HKLM\..\RunOnce: [crbe.exe] C:\WINDOWS\crbe.exe O4 - HKLM\..\RunOnce: [addgs.exe] C:\WINDOWS\addgs.exe O4 - HKLM\..\RunOnce: [mfcnd.exe] C:\WINDOWS\system32\mfcnd.exe O4 - HKLM\..\RunOnce: [apiun.exe] C:\WINDOWS\apiun.exe O4 - HKLM\..\RunOnce: [winrn.exe] C:\WINDOWS\winrn.exe O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\system32\apioz32.exe O4 - HKLM\..\RunOnce: [sdkea32.exe] C:\WINDOWS\system32\sdkea32.exe O4 - HKLM\..\RunOnce: [mfcdf32.exe] C:\WINDOWS\system32\mfcdf32.exe O4 - HKLM\..\RunOnce: [addza32.exe] C:\WINDOWS\addza32.exe O4 - HKLM\..\RunOnce: [atllf32.exe] C:\WINDOWS\atllf32.exe O4 - HKLM\..\RunOnce: [sdkql.exe] C:\WINDOWS\sdkql.exe O4 - HKCU\..\RunOnce: [Application Layer Gateway] ALGATEWAY.EXE O8 - Extra context menu item: &Download by Morgul - C:\Program Files\Morgul\ieext_cp.htm O8 - Extra context 
menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Register in Morgul - C:\Program Files\Morgul\ieext_reg.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Yahoo! Login (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: SWF Catcher (HKLM) O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O9 - Extra button: Support (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.8.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} - http://mars.installshield.com/is/x/1.../oci/setup.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04f7748dcf2f183...p/RdxIE601.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/install...od/yregcfg.cab O16 - DPF: 
{A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...71/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0F062A-3101-4071-AAB7-FAA02AA33D70}: NameServer = 206.141.192.60,206.141.193.55 O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB9E277-DC49-4839-94B6-F59C009A7BD6}: NameServer = 206.141.192.60 206.141.193.55 I am really appreciating your help, thanks |
| ||
| Re: Please Help! I have a big Spyware Problem
WOW! I can't believe that your computer is running! A number of issues. I summoned help from our Resident expert, Crunchie, please stand by! Thanks.
You could run a free online virus scan while you are waiting. Check to auto fix and then scan. Here: http://housecall.trendmicro.com/hous...start_corp.asp |
| ||
| Re: Please Help! I have a big Spyware Problem Thanks, I'll be scanning and waiting. |
| ||
| Re: Please Help! I have a big Spyware Problem
Hi. First of all you need to update hijackthis to version 1.98.1. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. Remove 1.97 from the folder it is in & replace it with 1.98.1.
Download About:buster from http://malwarebytes.biz/AboutBuster.zip and unzip it to your desktop. Do not run yet.
Please go here for Wintools removal instructions.
When done please open Task Manager & end process on the following;
winlog.exe
winel.exe
ALGATEWAY.EXE
mfcsn32.exe
Then delete these files manually;
C:\WINDOWS\System32\winlog.exe
C:\WINDOWS\system32\winel.exe
C:\WINDOWS\System32\ALGATEWAY.EXE
C:\WINDOWS\mfcsn32.exe
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.pqsgygfubztbdglz.com/6VTa9fLZanhuDaMSZAjaTMcg9Bo7OPZC/i1MxMndAfQ.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js)
O2 - BHO: (no name) - {7EFD4A6B-37E1-C72F-2816-ABB5899646D5} - C:\WINDOWS\system32\javazt32.dll
Is this next one legitimate? If not, have HJT fix it.
O4 - HKLM\..\Run: [Dvd Dash] C:\PROGRA~1\SUPPOR~1\drvwarnhide.exe O4 - HKLM\..\Run: [ManagerOnceMapiAcid] C:\Documents and Settings\All Users\Application Data\poll ace manager once\Movestyle.exe O4 - HKLM\..\Run: [Application Layer Gateway] ALGATEWAY.EXE O4 - HKLM\..\Run: [mfcsn32.exe] C:\WINDOWS\mfcsn32.exe O4 - HKLM\..\Run: [Windows Login] winlog.exe O4 - HKLM\..\RunServices: [Windows Login] winlog.exe O4 - HKLM\..\RunServices: [WUPDATE16] wupdate16.exe O4 - HKLM\..\RunServices: [virsscan] C:\WINDOWS\System32\WinT\scsaver.exe O4 - HKLM\..\RunServices: [Virtual System Monitor] pmfdsd.exe O4 - HKLM\..\RunOnce: [winel.exe] C:\WINDOWS\system32\winel.exe O4 - HKLM\..\RunOnce: [addkx.exe] C:\WINDOWS\addkx.exe O4 - HKLM\..\RunOnce: [iesk.exe] C:\WINDOWS\system32\iesk.exe O4 - HKLM\..\RunOnce: [atlql.exe] C:\WINDOWS\atlql.exe O4 - HKLM\..\RunOnce: [mfcmo.exe] C:\WINDOWS\mfcmo.exe O4 - HKLM\..\RunOnce: [mfclh.exe] C:\WINDOWS\mfclh.exe O4 - HKLM\..\RunOnce: [addtb32.exe] C:\WINDOWS\addtb32.exe O4 - HKLM\..\RunOnce: [crmj.exe] C:\WINDOWS\system32\crmj.exe O4 - HKLM\..\RunOnce: [ipos32.exe] C:\WINDOWS\system32\ipos32.exe O4 - HKLM\..\RunOnce: [sdkwi.exe] C:\WINDOWS\sdkwi.exe O4 - HKLM\..\RunOnce: [netwd32.exe] C:\WINDOWS\system32\netwd32.exe O4 - HKLM\..\RunOnce: [apiyf32.exe] C:\WINDOWS\system32\apiyf32.exe O4 - HKLM\..\RunOnce: [ipbh32.exe] C:\WINDOWS\ipbh32.exe O4 - HKLM\..\RunOnce: [mfclx32.exe] C:\WINDOWS\mfclx32.exe O4 - HKLM\..\RunOnce: [winwj.exe] C:\WINDOWS\system32\winwj.exe O4 - HKLM\..\RunOnce: [ntqr.exe] C:\WINDOWS\system32\ntqr.exe O4 - HKLM\..\RunOnce: [apple.exe] C:\WINDOWS\apple.exe O4 - HKLM\..\RunOnce: [ntqb32.exe] C:\WINDOWS\ntqb32.exe O4 - HKLM\..\RunOnce: [ntoi32.exe] C:\WINDOWS\ntoi32.exe O4 - HKLM\..\RunOnce: [addoh32.exe] C:\WINDOWS\addoh32.exe O4 - HKLM\..\RunOnce: [crus.exe] C:\WINDOWS\system32\crus.exe O4 - HKLM\..\RunOnce: [atlti32.exe] C:\WINDOWS\atlti32.exe O4 - HKLM\..\RunOnce: [mfcso32.exe] C:\WINDOWS\mfcso32.exe O4 - HKLM\..\RunOnce: 
[atlpz32.exe] C:\WINDOWS\atlpz32.exe O4 - HKLM\..\RunOnce: [ienu.exe] C:\WINDOWS\system32\ienu.exe O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINDOWS\crvh.exe O4 - HKLM\..\RunOnce: [ipip32.exe] C:\WINDOWS\ipip32.exe O4 - HKLM\..\RunOnce: [crin.exe] C:\WINDOWS\system32\crin.exe O4 - HKLM\..\RunOnce: [crbe.exe] C:\WINDOWS\crbe.exe O4 - HKLM\..\RunOnce: [addgs.exe] C:\WINDOWS\addgs.exe O4 - HKLM\..\RunOnce: [mfcnd.exe] C:\WINDOWS\system32\mfcnd.exe O4 - HKLM\..\RunOnce: [apiun.exe] C:\WINDOWS\apiun.exe O4 - HKLM\..\RunOnce: [winrn.exe] C:\WINDOWS\winrn.exe O4 - HKLM\..\RunOnce: [apioz32.exe] C:\WINDOWS\system32\apioz32.exe O4 - HKLM\..\RunOnce: [sdkea32.exe] C:\WINDOWS\system32\sdkea32.exe O4 - HKLM\..\RunOnce: [mfcdf32.exe] C:\WINDOWS\system32\mfcdf32.exe O4 - HKLM\..\RunOnce: [addza32.exe] C:\WINDOWS\addza32.exe O4 - HKLM\..\RunOnce: [atllf32.exe] C:\WINDOWS\atllf32.exe O4 - HKLM\..\RunOnce: [sdkql.exe] C:\WINDOWS\sdkql.exe O4 - HKCU\..\RunOnce: [Application Layer Gateway] ALGATEWAY.EXE O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04f7748dcf2f18...ip/RdxIE601.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab Reboot into safe mode following the instructions here & navigate to & delete the following if found: C:\Windows\System32\wsaupdater.exe-file C:\PROGRA~1\SUPPOR~1-folder (If not legitimate) C:\Documents and Settings\All Users\Application Data\poll ace manager once-folder C:\WINDOWS\System32\WinT-folder C:\WINDOWS\addkx.exe C:\WINDOWS\system32\iesk.exe C:\WINDOWS\atlql.exe C:\WINDOWS\mfcmo.exe C:\WINDOWS\mfclh.exe C:\WINDOWS\addtb32.exe C:\WINDOWS\system32\crmj.exe C:\WINDOWS\system32\ipos32.exe C:\WINDOWS\sdkwi.exe C:\WINDOWS\system32\netwd32.exe C:\WINDOWS\system32\apiyf32.exe C:\WINDOWS\ipbh32.exe C:\WINDOWS\mfclx32.exe C:\WINDOWS\system32\winwj.exe 
C:\WINDOWS\system32\ntqr.exe C:\WINDOWS\apple.exe C:\WINDOWS\ntqb32.exe C:\WINDOWS\ntoi32.exe C:\WINDOWS\addoh32.exe C:\WINDOWS\system32\crus.exe C:\WINDOWS\atlti32.exe C:\WINDOWS\mfcso32.exe C:\WINDOWS\atlpz32.exe C:\WINDOWS\system32\ienu.exe C:\WINDOWS\crvh.exe C:\WINDOWS\ipip32.exe C:\WINDOWS\system32\crin.exe C:\WINDOWS\crbe.exe C:\WINDOWS\addgs.exe C:\WINDOWS\system32\mfcnd.exe C:\WINDOWS\apiun.exe C:\WINDOWS\winrn.exe C:\WINDOWS\system32\apioz32.exe C:\WINDOWS\system32\sdkea32.exe C:\WINDOWS\system32\mfcdf32.exe C:\WINDOWS\addza32.exe C:\WINDOWS\atllf32.exe C:\WINDOWS\sdkql.exe
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Still in safe mode, do the following;
Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds.
Still in safe mode, do a full system scan with Adaware. When the scan is finished select *next* & place a check in the boxes to the left of what is found & click *next* again. Let it delete those entries.
Reboot your computer in normal mode.
Can you download the following app. VX2Finder
Reboot and stay off the internet until the entire procedure is complete.
1.) Run Vx2Finder click on the 'Click to find VX2.BetterInternet' button.
2.) Then click 'make log'.
3.) Highlight all the files and click the 'Delete these files' button.
4.) You will be left with notice about one to be deleted on reboot.
5.) Reboot
6.) Run VX2Finder again and click on these buttons in the right pane:
- user agent
- Guardian.reg
- restore policy
7.) Exit and reboot once more.
8.) Run VX2Finder again click on the 'Click to Find VX2.BetterInternet' Button.
9.) Click 'Make Log'
10.) Post the first log and the second log in your next thread with another hijackthis log. |
| ||
| Re: Please Help! I have a big Spyware Problem Thanks for your help ;) Log for VX2.BetterInternet File Finder (msg126) Files Found--- Additional Files--- Keys Under Notify--- crypt32chain cryptnet cscdll ScCertProp Schedule sclgntfy SensLogn termsrv wlballoon Guardian Key--- is called: User Agent String--- Logfile of HijackThis v1.98.1 Scan saved at 12:25:59 PM, on 8/3/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\PackethSvc.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\ipho.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Documents and Settings\Behzad Malekian\Desktop\VX2Finder(126).exe C:\Program Files\Microsoft Works\wkswp.exe C:\Program Files\Microsoft Works\MSWorks.exe C:\Program Files\Microsoft Works\wkgdcach.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.docdtyxppyzptosc.net/6VTa...0TCA33w_s.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) O2 - BHO: (no name) - {EB88038F-9FCA-144C-1828-0E3D30A95BAB} - C:\WINDOWS\system32\addnt32.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Login] winlog.exe O4 - HKLM\..\RunServices: [Windows Login] winlog.exe O4 - HKLM\..\RunOnce: [atlsf32.exe] C:\WINDOWS\atlsf32.exe O4 - HKLM\..\RunOnce: [mfcph32.exe] C:\WINDOWS\system32\mfcph32.exe O4 - HKLM\..\RunOnce: [addkx.exe] 
C:\Windows\addkx.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O8 - Extra context menu item: &Download by Morgul - C:\Program Files\Morgul\ieext_cp.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Register in Morgul - C:\Program Files\Morgul\ieext_reg.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Support - {F497ADFA-4C56-441D-BE6B-1FDD26D5045C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.8.cab O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} - http://mars.installshield.com/is/x/1.../oci/setup.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - 
https://webresponse.one.microsoft.co...veX/winrep.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04f7748dcf2f183...p/RdxIE601.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...71/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0F062A-3101-4071-AAB7-FAA02AA33D70}: NameServer = 206.141.192.60,206.141.193.55 O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB9E277-DC49-4839-94B6-F59C009A7BD6}: NameServer = 206.141.192.60 206.141.193.55 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll |
| ||
| Re: Please Help! I have a big Spyware Problem Reboot into safe mode following the instructions here & Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.docdtyxppyzptosc.net/6VT...g0TCA33w_s.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {EB88038F-9FCA-144C-1828-0E3D30A95BAB} - C:\WINDOWS\system32\addnt32.dll (file missing) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (file missing) O4 - HKLM\..\Run: [Windows Login] winlog.exe O4 - HKLM\..\RunServices: [Windows Login] winlog.exe O4 - HKLM\..\RunOnce: [atlsf32.exe] C:\WINDOWS\atlsf32.exe O4 - HKLM\..\RunOnce: [mfcph32.exe] C:\WINDOWS\system32\mfcph32.exe O4 - HKLM\..\RunOnce: [addkx.exe] C:\Windows\addkx.exe These are still there too, so remove them also; O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04f7748dcf2f18...ip/RdxIE601.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab navigate to & delete the following if found: C:\WINDOWS\System32\winlog.exe C:\WINDOWS\ipho.exe C:\WINDOWS\atlsf32.exe C:\WINDOWS\system32\mfcph32.exe C:\Windows\addkx.exe Reboot normally after doing the above then post a fresh log please. Go here for an on-line scan & set it to autoclean for you. 
Try this scan as well. Did VX2 finder find anything? |
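The reply above picks entries to fix out of a log that the forum export has run together on one line. As an added example (not part of the thread and not HijackThis's own logic), the Python below splits such a flattened log back into entries and applies three review checks chosen here as assumptions; the sample entries are copied from the logs posted in this thread.

```python
import re
# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O23, each followed by " - ".
CODE = r"(?:[RF][0-3]|N[1-4]|O\d{1,2}) - "
AUTORUN = re.compile(r"^\S+: \[[^\]]*\] (?P<cmd>.+)$")
IP_HOST = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[/:]|$)")

# Entries copied from the logs in this thread and run together on one line,
# the way the export flattened them; the leading path is a process-list line.
SAMPLE = (
    r"C:\Program Files\HJT\HijackThis.exe "
    r"O2 - BHO: (no name) - {EB88038F-9FCA-144C-1828-0E3D30A95BAB} - "
    r"C:\WINDOWS\system32\addnt32.dll (file missing) "
    r"O4 - HKLM\..\Run: [Windows Login] winlog.exe "
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime '
    r"O4 - HKLM\..\RunOnce: [addkx.exe] C:\Windows\addkx.exe "
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - "
    r"http://207.188.7.150/04f7748dcf2f18...ip/RdxIE601.cab "
    r"O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - "
    r"http://www.gamespot.com/KDX/kdx.cab"
)

def split_entries(text):
    """Cut a flattened log at each section code; drop non-entry chunks."""
    chunks = re.split(r"\s+(?=" + CODE + ")", text.strip())
    return [c for c in chunks if re.match(CODE, c)]

def executable(cmd):
    """Program part of an autorun command, honouring a quoted path."""
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def flags(entry):
    """Reasons an entry deserves a manual look (heuristics, not verdicts)."""
    code, _, rest = entry.partition(" - ")
    reasons = []
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("registered target file is absent")
    m = AUTORUN.match(rest) if code == "O4" else None
    if m and "\\" not in executable(m["cmd"]):
        reasons.append("autorun has no full path")
    if code == "O16" and IP_HOST.search(rest):
        reasons.append("ActiveX codebase is a bare IP address")
    return reasons

def triage(text):
    """(entry, reasons) for every entry that trips at least one check."""
    return [(e, flags(e)) for e in split_entries(text) if flags(e)]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print("; ".join(reasons), "<-", entry)
```

The RunOnce entry for `C:\Windows\addkx.exe` trips none of the three checks although the reply above lists it for removal, so treat the output as a review queue rather than a verdict.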
| ||
| Re: Please Help! I have a big Spyware Problem The VX2 Finder Didn't Find Anything. I am still virus scanning with PandaActiveScan. TrendMicro just froze every time I tried it. Here is the current hijackthis log C:\PROGRA~1\Yahoo!\browser\YBrowser.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/ind...www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pjokpuvbjvfnjdqwkmez.com/...0TCA33w_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Behzad Malekian\Application Data\Mozilla\Profiles\default\0wge8c5n.slt\prefs.js) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Dvd Dash] C:\PROGRA~1\SUPPOR~1\drvwarnhide.exe O4 - HKLM\..\Run: 
[winlogin] C:\WINDOWS\System32\winlogin.exe O4 - HKLM\..\RunServices: [Windows Login] winlog.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O8 - Extra context menu item: &Download by Morgul - C:\Program Files\Morgul\ieext_cp.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Register in Morgul - C:\Program Files\Morgul\ieext_reg.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! 
Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Quicker\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Support - {F497ADFA-4C56-441D-BE6B-1FDD26D5045C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} - http://mars.installshield.com/is/x/1.../oci/setup.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} 
(EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...71/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0F062A-3101-4071-AAB7-FAA02AA33D70}: NameServer = 206.141.192.60,206.141.193.55 O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB9E277-DC49-4839-94B6-F59C009A7BD6}: NameServer = 206.141.192.60 206.141.193.55 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll Thanks For Your Help, My PC has improved a lot, but it is still kinda slow, and it takes for ever for it to load my desktop, and I only have one startup item. |
| ||
| Re: Please Help! I have a big Spyware Problem Thought I had replied to this yesterday :o . Doesn't look like a full log. Please reboot in normal mode & rescan with HJT & post the log again. |
©2003 - 2009 DaniWeb® LLC