Author Topic: Spyware help plz...  (Read 3143 times)

tcsoatas
« on: April 24, 2005, 08:08:55 AM »
I have a pop-up problem. I've tried spybot, adware, spyhunter, but it's not helping. I also have this wupdt file in the C:/Windows/temp/THI2344.tmp. I have tried deleting this file in safe mode too, but it won't let me. Please help.


Logfile of HijackThis v1.99.1
Scan saved at 9:05:23 AM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system\fkpnrdhvu.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\MATLAB701\bin\win32\MATLAB.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HIjackTHis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install/win/mv...ominstaller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106954587687
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/RightsServer/Client/FileOpen.CAB
O18 - Protocol: bw+0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

guestolo
« Reply #1 on: April 24, 2005, 11:27:32 AM »
Download and install this small program
to help clean your temp folders, cookies, recycle bin, etc.
Windows Cleanup
Install for now, don't run a scan yet

Access your Add/Remove programs and remove if found
WinTools for IE service

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
Restart Back into SAFE MODE

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- WinTools for IE service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Delete this file
C:\WINDOWS\system\fkpnrdhvu.exe <-file

and this folder
C:\Program Files\Common Files\WinTools <-folder

Open Hijackthis>>Open Misc Tools Sections>>Open "Delete an NT Service"
In the new box that opens, copy and paste or type the bold line below into the blank field and hit OK

WinToolsSvc

Stay in safe mode

Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done

Restart back to Normal mode

Post back a fresh Hijackthis log afterwards

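The before/after comparison that the reply above asks for ("Post back a fresh Hijackthis log afterwards") can be done mechanically. The following is an added example, not part of the original thread and not HijackThis code: the function names are hypothetical, both sample logs are constructed excerpts modelled on the logs in this thread, and the O23 lines in the follow-up sample are assumed.

```python
import re

# Constructed excerpts modelled on the two logs in this thread (not the full logs).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:05:23 AM, on 4/24/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\fkpnrdhvu.exe
C:\HIjackTHis\HijackThis.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# Assumption: the O23 section below is constructed; the thread's second log
# is cut off before its service entries.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:07:17 AM, on 4/25/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\HIjackTHis\HijackThis.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
"""

# Items the helper's instructions told the user to delete or disable.
TARGETS = [r"C:\WINDOWS\system\fkpnrdhvu.exe", "WinToolsSvc",
           r"C:\Program Files\Common Files\WinTools"]

ENTRY_RE = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and O/R/F/N entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def suspicious_services(log):
    """O23 services with an unknown owner and/or a binary missing from disk.

    'Unknown owner' alone is a weak signal (the MATLAB service in this thread
    has it too, and the helper did not target it), so reasons are reported.
    """
    hits = []
    for code, body in log["entries"]:
        m = SERVICE_RE.match(body) if code == "O23" else None
        if not m:
            continue  # not a service, or a service line without "(name)"
        reasons = []
        if m.group("owner") == "Unknown owner":
            reasons.append("unknown owner")
        if m.group("missing"):
            reasons.append("file missing")
        if reasons:
            hits.append((m.group("name"), m.group("path"), reasons))
    return hits


def diff_logs(before, after):
    """Case-insensitive set difference of processes and entries between two logs."""
    def keys(log):
        return ({p.lower() for p in log["processes"]},
                {f"{c} - {b}".lower() for c, b in log["entries"]})
    bp, be = keys(before)
    ap, ae = keys(after)
    return {"processes_gone": sorted(bp - ap), "processes_new": sorted(ap - bp),
            "entries_gone": sorted(be - ae), "entries_new": sorted(ae - be)}


def still_present(log, targets):
    """Return the remediation targets that still appear anywhere in the log."""
    hay = "\n".join(log["processes"] + [b for _, b in log["entries"]]).lower()
    return [t for t in targets if t.lower() in hay]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    print(suspicious_services(before))
    print(diff_logs(before, after))
    print("still present:", still_present(after, TARGETS))
```

A clean result here only shows the items are absent from the log; files HijackThis does not list, such as the temp-folder file mentioned in the thread, need a separate check.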


Guest
« Reply #2 on: April 25, 2005, 07:10:46 AM »
Thanks a lot for your help. I still have the wupdt.exe file in my C:\WINDOWS\Temp\THI2344.tmp which I can't delete. And I also have a file named 1536 in C:\WINDOWS\Temp\hsperfdata_SYSTEM which I can't delete either.

Here's my updated hijackthis log.


Logfile of HijackThis v1.99.1
Scan saved at 8:07:17 AM, on 4/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\HIjackTHis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install/win/mv...ominstaller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106954587687
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/RightsServer/Client/FileOpen.CAB
O18 - Protocol: bw+0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6479A288-2A12-4632-9B98-441CC14063AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Spyware help plz...
« Reply #3 on: April 25, 2005, 10:31:17 AM »
Did you run Windows CleanUp! in safe mode?

Look for the presence of these files on your computer
Do a search for them
Winserv.exe and Wupdt.exe
Excluding the temp folder

Do you have other users on this computer? If so, post a HijackThis log from another user.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

Spyware help plz...
« Reply #4 on: April 25, 2005, 02:12:40 PM »
[quote name='guestolo' date='Apr 25 2005, 09:31 AM']
Did you run Windows CleanUp! in safe mode?

Look for the presence of these files on your computer
Do a search for them
Winserv.exe and Wupdt.exe
Excluding the temp folder

Do you have other users on this computer, if so post a hijackthis log from another user
[/quote]

yup, i ran it in safe mode.

i don't have winserve.exe on my system. and the wupdt.exe is only in the temp folder.

i am the only user on my system, but there is a guest account made. it's never in use though.

Offline guestolo

Spyware help plz...
« Reply #5 on: April 25, 2005, 02:30:26 PM »
Can you use the delete file on reboot option?

Open HijackThis>>Open Misc tools section>>Open "Delete File on Reboot"

Copy and paste the below in bold to the file name field and then click OPEN
C:\WINDOWS\Temp\THI2344.tmp

Restart the computer afterwards

Does that help?

If not, I would venture that there may be other files hiding on the computer

You could try the following
Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract
Temporarily disable Norton's Autoprotect
In Mwav
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
Give this scan time to finish, it's very thorough
In the Virus Log Information Pane
Left click and highlight all the info in the lower pane. Use the "CTRL" and "C" keys on your keyboard to copy everything found in the lower pane and paste it back here in your reply

****If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are



Guest

Spyware help plz...
« Reply #6 on: April 25, 2005, 09:12:39 PM »
here's the scan log:-



File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dealhelper Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dlmax Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dlmax.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\20007.exe infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\delfin.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dun.exe infected by "not-a-virus:AdWare.DealHelper.x" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitevos32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitevpz32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\eX32eOsv.exe infected by "not-a-virus:AdWare.WinFetcher.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exp.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\goldnew2b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HookPopup.dll infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\jldmfwb.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lfgayx.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lmhctr.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\midad.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nmp.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsd8E.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsx191.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pacis.exe infected by "not-a-virus:AdWare.Pacer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Pop2.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pop317.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pop5.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sskden2.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tool5-fran-two.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tvnew.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintask.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\WT8TYZSD\stats25[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WT8TYZSD\stats25[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bpt.cfg infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bptre.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\xclean.exe infected by "not-a-virus:AdWare.Broadcap.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\Xcpy1.cfg infected by "not-a-virus:AdWare.FlashTrack.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\Xcpy1.exe infected by "not-a-virus:AdWare.Broadcap.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dlmax.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\actsetup.dll infected by "Trojan-Dropper.Win32.BHO.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ3.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\20007.exe infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ajnlkodj\djwmb.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\delfin.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dun.exe infected by "not-a-virus:AdWare.DealHelper.x" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitevos32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitevpz32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\eX32eOsv.exe infected by "not-a-virus:AdWare.WinFetcher.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exp.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\gfyfqv\eaeffi.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\goldnew2b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HookPopup.dll infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\jldmfwb.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lfgayx.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lmhctr.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mhkfroy\vgdxohyl.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\midad.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nmp.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsd8E.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsx191.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pacis.exe infected by "not-a-virus:AdWare.Pacer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Pop2.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pop317.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pop5.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sskden2.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tool5-fran-two.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tvnew.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\vmss\vmss.exe infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintask.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wsxsvc\wsx.dll infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wsxsvc\wsx.ocx infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wsxsvc\wsxsvc.exe infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\THI2344.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.

Offline guestolo

Spyware help plz...
« Reply #7 on: April 25, 2005, 09:52:29 PM »
Some work to do

==Download the Pocket Killbox
UNZIP it to a folder of your choice

Could you copy and paste the rest of these instructions to a Notepad file and save it to the desktop?
Follow the instructions closely
Disconnect from the Internet>>Close out all browser windows, including this one

Run Pocket KillBox>>Now killbox and this notepad file is open
Click on Tools>>Delete Temp files

In the Full Path of File to Delete box, copy and paste the entire line directly below in bold, do not type this in

C:\WINDOWS\dlmax.dll

Click the Delete file button
The Red circle and a white X
Do the same for the rest of the full paths to the file names below
Keep track of any files that won't delete, we'll need those in a bit

C:\WINDOWS\system32\1802.dll
C:\WINDOWS\system32\20007.exe
C:\WINDOWS\system32\cxtpls_loader.exe
C:\WINDOWS\system32\delfin.dll
C:\WINDOWS\system32\dist001.exe

C:\WINDOWS\system32\dun.exe
C:\WINDOWS\system32\elitevos32.exe
C:\WINDOWS\system32\elitevpz32.exe
C:\WINDOWS\system32\eX32eOsv.exe
C:\WINDOWS\system32\exp.exe

C:\WINDOWS\system32\goldnew2b.dll
C:\WINDOWS\system32\HookPopup.dll
C:\WINDOWS\system32\installer_MARKETING18.exe
C:\WINDOWS\system32\jldmfwb.exe
C:\WINDOWS\system32\lfgayx.exe
C:\WINDOWS\system32\lmhctr.exe

C:\WINDOWS\system32\main.exe
C:\WINDOWS\system32\midad.dll
C:\WINDOWS\system32\mqexdlm.srg
C:\WINDOWS\system32\nmp.dll
C:\WINDOWS\system32\nsd8E.dll
C:\WINDOWS\system32\nsx191.dll

C:\WINDOWS\system32\pacis.exe
C:\WINDOWS\system32\Pop2.exe
C:\WINDOWS\system32\pop317.dll
C:\WINDOWS\system32\pop5.dll
C:\WINDOWS\system32\PopOops.dll
C:\WINDOWS\system32\PopOops2.dll

C:\WINDOWS\system32\sskden2.dll
C:\WINDOWS\system32\SWLAD1.dll
C:\WINDOWS\system32\SWLAD2.dll
C:\WINDOWS\system32\temperror32.dat
C:\WINDOWS\system32\tool5-fran-two.exe
C:\WINDOWS\system32\tvnew.dll
C:\WINDOWS\system32\wintask.exe

C:\WINDOWS\system32\wrapperouter.exe
C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\WT8TYZSD\stats25[1].htm
C:\Program Files\Common Files\Java\bpt.cfg
C:\Program Files\Common Files\Java\bptre.exe
C:\Program Files\Common Files\Java\xclean.exe
C:\Program Files\Common Files\Java\Xcpy1.cfg
C:\Program Files\Common Files\Java\Xcpy1.exe

C:\WINDOWS\Downloaded Program Files\actsetup.dll
C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ3.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\WINDOWS\system32\wsxsvc\wsx.dll
C:\WINDOWS\system32\wsxsvc\wsx.ocx
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\Temp\THI2344.tmp\wupdt.exe


For any file that would delete
Again enter it into Killbox, but this time
Select the radio button to
 Delete on Reboot
Click The Red circle and a white X
When prompted to Delete on Reboot, click YES
If prompted to Reboot Now, Click NO
Until you have entered all of them into Killbox
At which time allow Killbox to Reboot the computer
Or restart anyways>>Don't worry about any error messages

Back in Windows

Go ahead and delete these folders
C:\WINDOWS\system32\vmss <-folder
C:\WINDOWS\system32\wsxsvc <-folder

You had a large number of files to deal with
I would again run mwav scan and post the log
You may even want to delete your version and redownload it from the link I supplied earlier, as it may have updated by the time you rescan
« Last Edit: April 25, 2005, 09:57:35 PM by guestolo »



Offline tcsoatas

Spyware help plz...
« Reply #8 on: April 26, 2005, 12:00:06 AM »
i downloaded it again, and scanned it. still have the wupdt.exe. and all these...


[edit]: sorry..forgot to delete the !SUBMIT folder. here's the updated log.



File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dealhelper Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dlmax Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ajnlkodj\djwmb.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\gfyfqv\eaeffi.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mhkfroy\vgdxohyl.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\THI2344.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
« Last Edit: April 26, 2005, 12:56:56 AM by tcsoatas »
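An added example (not part of the thread, and not code from any tool named in it): one way to compare two pasted scan logs of the kind posted in Replies #6 and #8 and see which detected files were removed and which survived the cleanup. The function names are hypothetical, and the two sample logs are short excerpts of lines taken from those posts.

```python
import re
from collections import Counter

# A file-level finding as it appears in the scan logs posted in this thread.
# Requiring a drive-letter path keeps the path-less
# 'File System Found infected by ...' lines out of this pattern.
FINDING_RE = re.compile(
    r'^File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r' Action Taken: (?P<action>.+?)\.?\s*$'
)
GENERIC_RE = re.compile(r'^File System Found infected by "(?P<name>[^"]+)" Virus\.')


def parse_scan(log_text):
    """Parse one pasted log into (findings, generic).

    findings: {lowercased path: (path as logged, detection name)}
    generic:  Counter of detection names from path-less lines
    """
    findings, generic = {}, Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = FINDING_RE.match(line)
        if m:
            # Windows paths are case-insensitive, and the same file is often
            # listed twice in one log, so key on the lowercased path.
            # 8.3 short names (DOCUME~1) cannot be expanded offline and
            # therefore stay distinct from their long form.
            findings.setdefault(m["path"].lower(), (m["path"], m["name"]))
            continue
        g = GENERIC_RE.match(line)
        if g:
            generic[g["name"]] += 1
    return findings, generic


def detection_class(name):
    """'not-a-virus:AdWare.DlMax.a' -> 'AdWare'."""
    return name.split(":", 1)[-1].split(".", 1)[0]


def diff_scans(before_text, after_text):
    """Compare two scans by file path."""
    before, _ = parse_scan(before_text)
    after, _ = parse_scan(after_text)
    return {
        "removed": sorted(before[k][0] for k in before.keys() - after.keys()),
        "remaining": sorted(after[k][0] for k in before.keys() & after.keys()),
        "new": sorted(after[k][0] for k in after.keys() - before.keys()),
    }


def remaining_by_class(before_text, after_text):
    """Count surviving files per detection class (Trojan-Downloader, AdWare, ...)."""
    before, _ = parse_scan(before_text)
    after, _ = parse_scan(after_text)
    return Counter(detection_class(after[k][1]) for k in before.keys() & after.keys())


# Sample input: excerpts of lines from the first and second scan logs above.
BEFORE = r"""
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dlmax.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dlmax.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ajnlkodj\djwmb.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\THI2344.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
"""

AFTER = r"""
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ajnlkodj\djwmb.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\THI2344.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
"""

if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for status in ("removed", "remaining", "new"):
        print(f"{status}:")
        for path in result[status]:
            print(f"  {path}")
    print("remaining by class:", dict(remaining_by_class(BEFORE, AFTER)))
```

Files under "remaining" are the ones to carry into the next cleanup round; anything under "new" appeared between the two scans.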

Offline guestolo

Spyware help plz...
« Reply #9 on: April 26, 2005, 12:46:55 AM »
Don't worry about the files in the !Submit folder for now, they are put there by Killbox
They're safe there

Can you reboot into Safe mode

Delete these folders
C:\WINDOWS\system32\ajnlkodj <-folder
C:\WINDOWS\system32\gfyfqv <-folder
C:\WINDOWS\system32\mhkfroy <-folder


Are you able to right click on wupdt.exe and rename it
to something like wupdt.old?
Then delete everything in the Temp folder, all files and subfolders

Use Windows Cleanup! again in safe mode

Restart back to Normal mode

Download and save to Desktop
FindQoologic2.zip, Unzip the contents within to desktop
Open the folder and double click on FindQoologic2.bat
Wait for this to finish, a log will be produced
Post that log back here

Also, download SilentRunners from here:
If using the Mozilla browser, right click on that link and SAVE LINK AS
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to the desktop and double-click to run it. If prompted by your Anti-Virus, allow this to run, we are just collecting information
When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile back here
You will be prompted when the complete scan is done, give it time, it won't take too long

EDIT>>By the way, while you're in safe mode, this link should help guide you on how to take ownership of a file or folder in XP
http://support.microsoft.com/default.aspx?...;308421&sd=tech
« Last Edit: April 26, 2005, 12:51:43 AM by guestolo »



Guest_Tom_*

Spyware help plz...
« Reply #10 on: May 07, 2005, 05:18:15 AM »
You might want to consider doing a Clean Install.  Format your hard drive and reload Windows and all other software.

www.consumermethods.info

Offline guestolo

Spyware help plz...
« Reply #11 on: May 10, 2005, 12:07:49 AM »
Closing this topic as the original poster has not responded
