Jump to content


Tons of spyware/adware

  • This topic is locked This topic is locked
4 replies to this topic

#1 TheChosenOne1123



  • Full Member
  • Pip
  • 41 posts

Posted 25 May 2004 - 10:29 PM

ogfile of HijackThis v1.97.7
Scan saved at 8:15:02 PM, on 5/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yen\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba.com/
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [cqifH] C:\docume~1\yen\locals~1\temp\cqifH.exe
O4 - HKLM\..\Run: [RwLS] C:\docume~1\yen\locals~1\temp\RwLS.exe
O4 - HKLM\..\Run: [2ZQLKP#2WLSCTL] C:\WINDOWS\System32\MvuC1.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [qbdcopjbtd] C:\WINDOWS\System32\pexvwsi.exe
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7646.6992824074
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave...eDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak02.picture...ad.
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab

THis is for my sister's computer. First of all, i'll tell you the full story.

About 4 weeks ago there was suddenly an outburst of spyware on her computer, she dunno why, and i simply used ad-aware to delete them well most of em but some of em was still there, she said it was ok. about 2 weeks later, wala! another outburst of spyware, then i used ad-aware but it couldn't delete ALL of it, so i downloaded spybot and SpywareBlaster and HijackThis and used spybot to get rid of a lot (most of it), but my sister still complains of getting ads. (btw, every 2 weeks her computer is hijacked by spyware of some kind) and it instals unwanted programs on her computer, too. So i thouht Spybot could get rid of them , but it couldn't get rid of all. no matter what i try, 2 is always there, which are DSO exploit and TSCASH (which i checked info, is 0190 dialor, which i'm really scared of, i mean my parents might get extremely mad at the next phone bill) and sometimes this thing called VX2 may come back. ad-aware 6 detects VX2 as VX2.BetterInternet. with some tracking cookies. Spybot just says VX2 something. well , (i think TSplus and betterinternet thingy may have some relation). so i got fed up and decided to try HijackThis, since there were still annoying pop ups on my sis computer and i knew if i still didn't get rid of them, it would eventually install even more spyware and adware on her labtop. when i first used HijackThis, i saw some programs which said : Host (IP adress here) and a lot of weird sites, like www. worldsex. com and www. gator. com , etc. i didnt know how they got there, since my sister only goes to music sites like mtv.com. i decided to delete some of them right away, not knowing what they were, but ALL of them looked suspicious, i deleted the ones that siad sex and one that said mptraffic, and i scanned a new log and the others were gone (even gator and the ones i didnt delete, lol, they might still be hiding with somethign that says Host: (IP address of Labtop) but Spybot still detects VX2 and DXO Exploit and TSCash. Well hopefully my HijackLog will explain and try to delete all of them, because When i went to the Run file that Spybot said TScash was, i tried to delete it but spybot said it couldn't be deleted cuz it's in use. btw it also said another thing below TScash was a file called 0910 dialor, which is the component dealing with TSCash spyware. I need to get rid of all these ads by deleting All the spyware and adware left, which ad-aware and spybot simply cannot delete now. oh btw i accidently opened the file that spybot said Tscash was in, which was C:\Windows\Sysupd, i dunno if it can damage my computer by opening it lol.
Hopefully someone can help me, my sister can't take it much longer, me and my family are anxious, because i'm worried about it. An overview again, and please help as soon as possible, i cant take it much longer

Ad-Aware detects : VX2.betterinternet. and its components (around 20 in total)
Spybot Detects: TSCash, 5 DXExploit files, and sometimes something called VX2 (doesn't always detect Vx2, it might be hidden) btw, can anyone tell me , if they have any knowledge of where VX2 . betterineternet comes out of? i think it might be the one giving my sis labtop an outbreak of spyware and hijacked homepages every few weeks. well hopefull someone can help. and when i delete all of them (even tho i dunno what happened to the HijackTHis thing that said Host: IP: GATOR and Host:IP:www.gator.com and even more, i simply deleted the porn ones and the others went away lol) i might also have a virus or trojan or worm or joke program making the spyware but my sis does not want to scan using Norton 2004 PRofessional. lol . i hope Spywareblaster can prevent anymore spyware from coming in. Thx in advance anyone, and god bless ! *btw, did i tell you that the 5 DXO exploit is also in my computer? o_O and someone tell me if it is dangerous, also lol*

#2 TheChosenOne1123



  • Full Member
  • Pip
  • 41 posts

Posted 25 May 2004 - 10:37 PM

Oh, and Ad-aware also detects something called "StopPop" and desciption is it Is a Fake pop up blocker and actaully GIVES pop ups. btw, it just took 10 minutes to type this message with all the pop ups lol. and some of the adware it detects have weird and long numbers lol

#3 TheChosenOne1123



  • Full Member
  • Pip
  • 41 posts

Posted 26 May 2004 - 09:25 AM


#4 TheChosenOne1123



  • Full Member
  • Pip
  • 41 posts

Posted 26 May 2004 - 04:11 PM

btw, i checked thru the rest of the forums, and some topics dealing with the same thing said that KillBox (from Broadband medic ) can help track down and delete VX2.BetterInternet.?

#5 cnm


    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 29 May 2004 - 09:59 AM

Closed. Being helped here: http://www.spywarein...indpost&p=12593
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!