Spyware!!!! AAAH!


9 replies to this topic

#1 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 06:07 AM

I think I have spyware from 'mysearchnow.com'. Whenever I go on my homepage I have to be redirected through them first, and then an annoying toolbar called 'pollaxis' pops up, and another one without a name appears along the bottom of the screen. I also have a load of weird favourites.

How can I remove this? For now I've blocked cookies from this website, so everything seems more normal, but I want the whole thing out of my system!

Here are my current running system processes:

dslagent.exe
MsgPlus.exe
mad.exe
gsicon.exe
MOTIVE~1.EXE
msnmsgr.exe
taskmgr.exe
FINDFAST.EXE
explorer.exe
svchost.exe
winampa.exe
nvsvc32.exe
avgserv.exe
spoolsv.exe
mpbtn.exe
svchost.exe
IEXPLORE.EXE
svchost.exe
QuickDCF.exe
rundll32.exe
svchost.exe
svchost.exe
iTouch.exe
ctfmon.exe
Isass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
OSA.EXE
avgcc32.exe
opware32.exe
System
System Idle Process

If you need to know anything else, just ask.

Thanks in advance. :D

Edited by CelestialHippo, 01 June 2004 - 05:48 AM.


#2 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 07:27 AM

bump :huh:

#3 dave38 (Devout Murphyite!, Emeritus, 8,508 posts)

Posted 30 May 2004 - 11:21 AM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Please ensure that the entire log is posted.

Also, please keep to this thread; your other posting has been closed.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 01:09 PM

Thanks, here you go:

Logfile of HijackThis v1.97.7
Scan saved at 19:09:01, on 30/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\BT Broadband\Help\bin\mad.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\Program Files\BT Broadband\Help\bin\mpbtn.exe
E:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\James\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - E:\Program Files\ToPicks\Bin\HtCheck2.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15FBEEE6-F5F7-0C7D-D933-51231F033B9B} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: pollaxis - {DA9FDD51-6E90-1B45-78EE-59654BAEB6B9} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ToPicks Starter] E:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Bleh Exit] E:\PROGRA~1\JOYFOR~1\Window Soap Creative.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: BT Broadband Help.lnk = E:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8112.3726967593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3439D2E-73B8-46D9-9FFF-F3429E318E6B}: NameServer = 217.35.209.180 194.74.65.68
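The log above is in the HijackThis line format (R0/R1 search-setting overrides, O2 BHOs, O3 toolbars). As an added example, not part of this thread or of HijackThis itself, here is a small Python triage that parses those entry types and flags them in two passes: first on the indicators the poster reported (the mysearchnow.com hijack host and the pollaxis toolbar, both assumptions taken from post #1), then by pivoting on what the flagged entries share (the same landing-page path on another host, the same DLL behind a BHO and a toolbar). The pivots are heuristics for a human reviewer, not proof that an entry is malicious.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.97 log format: lines copied from the
# log posted above, with two benign entries kept as controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15FBEEE6-F5F7-0C7D-D933-51231F033B9B} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: pollaxis - {DA9FDD51-6E90-1B45-78EE-59654BAEB6B9} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
"""

R_LINE = re.compile(r"^(R[01]) - (.+?) = (\S+)$")  # search/start page overrides
O_LINE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

def parse(log_text):
    """Yield dicts for the R0/R1/O2/O3 entries this triage understands."""
    for raw in (ln.strip() for ln in log_text.splitlines()):
        m = R_LINE.match(raw)
        if m:
            yield {"kind": m[1], "key": m[2], "url": m[3], "raw": raw}
            continue
        m = O_LINE.match(raw)
        if m:
            yield {"kind": m[1], "name": m[2], "clsid": m[3], "path": m[4].lower(), "raw": raw}

def triage(log_text, bad_hosts, bad_toolbars):
    """Pass 1 matches the indicators the user reported; pass 2 pivots on what
    those hits share (landing page, DLL). Pivots are heuristics, not proof."""
    entries = list(parse(log_text))
    hits = {}  # raw line -> reason it was flagged
    for e in entries:
        if "url" in e and urlparse(e["url"]).hostname in bad_hosts:
            hits[e["raw"]] = "search setting points at reported hijack host"
        elif e["kind"] == "O3" and e["name"].lstrip("&").lower() in bad_toolbars:
            hits[e["raw"]] = "toolbar name reported by the user"
    bad_paths = {urlparse(e["url"]).path for e in entries if e["raw"] in hits and "url" in e}
    bad_dlls = {e["path"] for e in entries if e["raw"] in hits and "path" in e}
    for e in entries:
        if e["raw"] in hits:
            continue
        if "url" in e and urlparse(e["url"]).path in bad_paths:
            hits[e["raw"]] = "same landing page as a flagged host"
        elif "path" in e and e["path"] in bad_dlls:
            hits[e["raw"]] = "loads the same DLL as a flagged toolbar"
    return [(e["kind"], hits[e["raw"]], e["raw"]) for e in entries if e["raw"] in hits]
```

Calling `triage(SAMPLE_LOG, {"mysearchnow.com"}, {"pollaxis"})` flags both R1 lines (the second via the shared /searchbar.html path), the pollaxis toolbar and the unnamed BHO that loads the same MODE TOOL.dll, while leaving the Adobe and Google entries alone.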

#5 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 01:13 PM

Bump :huh:

#6 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 01:18 PM

Bump (again) :unsure:

#7 CelestialHippo (Full Member, 9 posts)

Posted 30 May 2004 - 02:49 PM

Bump

#8 CelestialHippo (Full Member, 9 posts)

Posted 31 May 2004 - 06:28 AM

bump

#9 CelestialHippo (Full Member, 9 posts)

Posted 01 June 2004 - 05:35 AM

bump (Please, someone!!! I need help!!!)

#10 Diva190 (New Member, 1 post)

Posted 04 June 2004 - 11:09 PM

I feel your pain. I posted on June first, and haven't got ONE reply. Maybe I did something wrong? But what I ended up doing was printing a copy of my HijackThis log, going to google.com, and looking up every single thing it said it was running, for example sms.exw. That is something I made up. But if it was something that said it was a virus, etc., I just checked it in HijackThis and got rid of it. I also got rid of Microsoft Java and downloaded Sun Java at their website. I'm not sure if I did it all right, but my computer is now running a LOT better... and I still have no reply from this forum. I hope this helps you.
