 |  |  |  |  |  |  |  |
Have tried everything
 |
I am at a loss. i have tried absolutely everything. I have spyware (of course) and can't get rid of it. It is now to the point where I post on these tech support websites and once I reboot I can't even get back in. I have run the latest version of ad-aware. I have ran spy sweeper, CWSHshredder, Spy botand regcleaner. I have also defragmented my computer and also ran it in safe mode and ran those programs. I really don't know what to do anymore. I am still getting the pop ups, still slow and when I boot up it goes to my dic & settings folder.This is my latest log. if anyone has any other suggestions...please HELP.
Logfile of HijackThis v1.97.7
Scan saved at 5:07:18 PM, on 5/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\windows\temp\u.exe
C:\windows\temp\u.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\grpsn1.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\XmuX.exe
C:\WINDOWS\System32\Pxq7v1Z.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Marna Lee\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\Program Files\XoloX\SbCIe026.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [u.exe] C:\windows\temp\u.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Zubyk.exe
O4 - HKLM\..\Run: [wsoW3nO] C:\WINDOWS\System32\grpsn1.exe
Logfile of HijackThis v1.97.7
Scan saved at 5:07:18 PM, on 5/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\windows\temp\u.exe
C:\windows\temp\u.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\grpsn1.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\XmuX.exe
C:\WINDOWS\System32\Pxq7v1Z.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Marna Lee\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\Program Files\XoloX\SbCIe026.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [u.exe] C:\windows\temp\u.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Zubyk.exe
O4 - HKLM\..\Run: [wsoW3nO] C:\WINDOWS\System32\grpsn1.exe
•
•
Join Date: Oct 2003
Posts: 165
Reputation: 
Solved Threads: 5
Junior Poster
i'm no expert, but
C:\WINDOWS\mHotkey.exe (looks gay)
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe (looks gay)
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Zubyk.exe (ditto)
O4 - HKLM\..\Run: [wsoW3nO] C:\WINDOWS\System32\grpsn1.exe (appears faggish)
I say REFORMAT.
[ps no offense meant, but you do know you have to check the boxes next to the things adaware found right?]
p.s.s. soulseek ...check it out,better than xolox
C:\WINDOWS\mHotkey.exe (looks gay)
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe (looks gay)
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Zubyk.exe (ditto)
O4 - HKLM\..\Run: [wsoW3nO] C:\WINDOWS\System32\grpsn1.exe (appears faggish)
I say REFORMAT.
[ps no offense meant, but you do know you have to check the boxes next to the things adaware found right?]
p.s.s. soulseek ...check it out,better than xolox
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: I occasionally get hijacked when browsing.
- Next Thread: popuppers.com - hijack this log - now what?
Views: 1969 | Replies: 1
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial conficker control cybercrime cyberwarfare ddos education email europe exam exploit explorer facebook fake fancheckvirus firefox gtaiv halloween herss.exe hijack hosting ie8 internet iphone links logfiles malware mcafee microsoft mobile msn nazi news norton obama onlinethreats paedophile panel parents patch pc pdf policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting report research rogueantivirus rootkit samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista vulnerability war warning windows worm yahoo zero-day zeroday
