  #1
09-22-2005
Tigereye1786
Bronze Member
Join Date: Sep 2005
Posts: 25
[FIXED] Library of Spyware and Adware on my PC

Hi,
It seems that my laptop could be used as an example of infection of, what seems to be, every spyware/adware program known to man. The ones that I have identified and quasi-researched were PeopleOnPage, IST bar, and The Best Offers which somehow installed itself on my Add/Remove programs list (which I am so far unable to remove). I have run CCleaner, ewido, and HijackThis. The scan and HJT logs are attached. So if you can help me with the remaining bugs other than the 45 or so infected files that ewido found, your help is greatly appreciated. Thanks.
Attached Files
File Type: txt hijackthis.log9.22.05.txt (10.2 KB, 4 views)


  #2
09-22-2005
Hengis
PCHF Founder & Owner
Join Date: Jan 2004
Location: Newbury, England
Posts: 10,838
PC Experience: Always learning
Re: Library of Spyware and Adware on my PC

Welcome to the forum Tigereye1786

Before you send that PC off to be forensically tested and stored in the X-Files (Spyware Dept.) bunker, I would like to say that we have some excellent Spyware minds that work tirelessly on this site and they will be more than happy to vanquish those nasties from your PC. I am sure one of them will be along soon to cast their eyes over your logs.


  #3
09-22-2005
Tigereye1786
Bronze Member
Join Date: Sep 2005
Posts: 25
Re: Library of Spyware and Adware on my PC

Boy, do I hope so! :-o
Thanks.


  #4
09-22-2005
ladygreenwitch
Elite Member
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,642
Re: Library of Spyware and Adware on my PC

:-D Hey Tigereye,

Can you do me a favor, please? Post the ewido log by copying and pasting it into your post. They don't convert well to text. (They actually turn into Chinese :lol:)
In the meantime I'll take a look at your HJT log.

Also, when you ran ewido, did you allow it to fix the items it found?

TTFN

T


  #5
09-22-2005
Tigereye1786
Bronze Member
Join Date: Sep 2005
Posts: 25
Re: Library of Spyware and Adware on my PC

Here is the ewido log file.
Yes I did let it correct the infected files.

+ Created on: 12:48:40 AM, 9/22/2005
+ Report-Checksum: 62599C72

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup
HKU\S-1-5-21-2491644285-426764551-501881172-1017\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[892] C:\WINDOWS\system32\qrstlkr.exe -> Trojan.Agent.cp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfmx7r35.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.6:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.7:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.8:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.17:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.18:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.28:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.29:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.34:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.52:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\nikhilp\Application Data\Mozilla\Firefox\Profiles\mqz3cb62.Nikhil\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\DVD Author\TMPGEnc.DVD.Author.v1.6.26.73.Incl.Keygen-PARADOX\pdx-td16.exe -> TrojanDropper.Delf.fl : Cleaned with backup
C:\Program Files\DVD Author\TMPGEnc.DVD.Author.v1.6.26.73.Incl.Keygen-PARADOX.zip/pdx-td16.exe -> TrojanDropper.Delf.fl : Error during cleaning
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Tesosoft\Cache\00004e45_432c1466_0005b89e -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Program Files\Tesosoft\Cache\000056ae_432c14c4_000de61e -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\WINDOWS\imgnwqo.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\system32\wingmt32.exe -> Worm.Mytob : Cleaned with backup
C:\WINDOWS\system32\winsvc32.exe -> Backdoor.SdBot : Cleaned with backup
C:\wingmt32.exe -> Worm.Mytob : Cleaned with backup
D:\My Documents\Programs\TMPGEnc.DVD.Author.v1.6.26.73.Incl.Keygen-PARADOX.zip/pdx-td16.exe -> TrojanDropper.Delf.fl : Error during cleaning
D:\My Documents\Confirmation_Sheet.pif/wingmt32.exe -> Worm.Mytob : Error during cleaning

In case you need it here is the HJT log too.

Logfile of HijackThis v1.99.1
Scan saved at 1:54:38 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\chemistry 11l programs\quicktime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HiJackThis(BrowserHijacking)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\Updater\ucstartup.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\chemistry 11l programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126276944468
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InstallProcessing - Unknown owner - C:\WINDOWS\system32\InstallProcessing.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM AFS Client (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

Thanks


  #6
09-22-2005
ladygreenwitch
Elite Member
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,642
Re: Library of Spyware and Adware on my PC

    :-D Hey Tigereye,

    Boy, your title sure says it all!! I would recommend printing these instructions because you are going to be in Safe Mode for a good deal of them.

    You are going to need to do these in order.

    First I need you to download some programs: Hoster, Nailfix, Spybot: Search And Destroy, Ad-Aware SE, and RegSupremePro.

    Install but do not run RegSupremePro. Install and update Spybot and Adaware. Unzip Nailfix to your desktop but don't do anything with it yet. Leave Hoster until later.

    Disable system restore to prevent re-infection.
    (You can turn it back on when your PC is clean.)
    How to disable system restore: WinXP.

    Right-click My Computer, and then click Properties.
    On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

    Then run this online virus scanner Housecalls
    Let it fix everything that it finds.

    Then boot into Safe Mode and stay there until the fixes are complete or you could reinfect your system.

    Once in Safe Mode run CCleaner, make sure that all options to scan are checked, including Advanced. Answer Yes to any warnings. Let it clean everything that it finds.

    Spybot: Search And Destroy:
  • Close ALL windows except Spybot SD.
  • Click the "Check for Problems" button.
  • Click 'Fix Selected Problems' and fix only the RED items.

    Ad-Aware SE by Lavasoft:
  • Close ALL windows except Ad-Aware SE.
  • Click on 'Start' and choose 'full scan' for a full scan.
  • Quarantine anything that it finds and SAVE the log file and exit out of Adaware.

    Run CCleaner again.



    Then click Start>Run and type in: services.msc
    Click OK
    In the Services window find each of the following and follow the next set of instructions for each:

    InstallProcessing
    System Startup Service

    Select, and right click the entry, choose: Properties
    On the General tab, under Service Status click the Stop button
    Beside: Startup Type, in the drop menu, select: Disabled
    Click Apply, then OK

    Open HJT and click Config > Misc Tools > "Delete an NT service"
    Copy and paste:


    InstallProcessing
    SvcProc

    Click OK.


    Now run the Nailfix.


    Then, still in Safe Mode, fix these with HJT:


    C:\WINDOWS\System32\TPHDEXLG.EXE




    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)

    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?



    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

    O23 - Service: InstallProcessing - Unknown owner - C:\WINDOWS\system32\InstallProcessing.exe
    Then run CCleaner AGAIN, and then Nailfix. After that manually delete the files in bold in the fix list above.

    Then run Hoster to restore your Hosts files as a precaution.

    Now run ewido and allow it to fix anything that it finds.
    Save the log and reboot into Normal Mode.

    Once in Normal Mode, run RegSupremePro. Select Registry Cleaner, it will want to make a back up of your registry, let it. It may take a bit. Once it is finished choose Aggressive in the dialog box and let it run. When it is finished, click on Select, and choose All. Then click on Fix.

    Finally, run HJT once more and attach the new log.

    I know this is a lot. But you have a lot of stuff on there. We'll be looking for your reply,

    TTFN

    T
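
Added example, not part of the thread and not code from HijackThis: a small Python pre-sorter for a HijackThis log that parses the section codes (F2, O2, O4, O23 ...) and marks entries for a human reviewer. The three heuristics ("file missing", a `Shell=` value with more than `Explorer.exe`, and a service with "Unknown owner") and all function names are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

# Lines copied from the HijackThis log posted in this thread (forum line breaks removed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallProcessing - Unknown owner - C:\WINDOWS\system32\InstallProcessing.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# An entry line is "<section code> - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body as it reads in this log: "Service: <name> - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


class Finding(NamedTuple):
    code: str
    reason: str
    service: str  # short service name for O23 entries, else ""
    line: str


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section code, body) for every entry line in the log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def service_name(display: str) -> str:
    """'System Startup Service (SvcProc)' -> 'SvcProc'; 'InstallProcessing' stays as is."""
    m = re.search(r"\(([^()]+)\)$", display)
    return m.group(1) if m else display


def triage(log_text: str) -> List[Finding]:
    """Return review candidates. These are hints for a person, not verdicts."""
    findings: List[Finding] = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        svc = ""
        m = SERVICE_RE.match(body) if code == "O23" else None
        if m:
            svc = service_name(m.group("name"))
        if body.endswith("(file missing)"):
            findings.append(Finding(code, "file missing", svc, line))
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].split()
            if len(shell) != 1 or shell[0].lower() != "explorer.exe":
                findings.append(Finding(code, "shell modified", svc, line))
        if m and m.group("owner") == "Unknown owner":
            findings.append(Finding(code, "unknown owner", svc, line))
    return findings


def services_for_review(findings: List[Finding]) -> List[str]:
    """Unique short names of services flagged as 'unknown owner', in log order."""
    seen: List[str] = []
    for f in findings:
        if f.reason == "unknown owner" and f.service not in seen:
            seen.append(f.service)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
    print("services to review:", services_for_review(triage(SAMPLE_LOG)))
```

On this sample the heuristics flag IBMPMSVC, which the fix list above leaves alone, and miss the `IST Service` run key, which the fix list includes, so the output is a sorting aid for a reviewer rather than a fix list.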


