Spywars: The Saga Continues


11 replies to this topic

#1 ebolacola

ebolacola

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 07 June 2004 - 03:08 PM

I have already been helped from this forum on my main computer for where I live.
But at my mother's house the computer here is loaded with spyware (every time I come back when it's idle I get about 50 messenger pop-ups as well as IE pop-ups, hijacked browser, the whole works).
On my other computer Daemon helped me out and it was very helpful, as I have no problems with that computer anymore. I tried applying that knowledge on this computer but it was unsuccessful (just like my spelling).
Anyway, here's the HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 2:44:11 PM, on 6/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\crqs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\mfcwh.exe
C:\WINDOWS\System32\RPCX1sq234.exe
C:\WINDOWS\System32\memoptimize.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\PROGRA~1\FASTRE~1\NETFileServer.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\anti spyware\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wulwm.dll/sp.html#795108708
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wulwm.dll/index.html#795108708
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wulwm.dll/index.html#795108708
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wulwm.dll/sp.html#795108708
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wulwm.dll/index.html#795108708
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wulwm.dll/sp.html#795108708
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {36CC50DE-E932-3435-B11B-709E3AFE8849} - C:\WINDOWS\sdkeb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [memory optimizer] memoptimize.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKLM\..\Run: [mfcwh.exe] C:\WINDOWS\mfcwh.exe
O4 - HKLM\..\RunServices: [windowsupdate] RPCX1sq234.exe
O4 - HKLM\..\RunServices: [memory optimizer] memoptimize.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKLM\..\RunOnce: [msvo32.exe] C:\WINDOWS\msvo32.exe
O4 - HKLM\..\RunOnce: [sdkqp32.exe] C:\WINDOWS\sdkqp32.exe
O4 - HKLM\..\RunOnce: [addnh32.exe] C:\WINDOWS\system32\addnh32.exe
O4 - Startup: Fastream NETFile Server.lnk = C:\Program Files\Fastream NETFile Server\UNWISE.EXE
O4 - Global Startup: winlogon.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


As always, help is greatly appreciated (and hopefully I learn enough about spyware to remove it myself and help others).

Edited by ebolacola, 18 June 2004 - 01:45 PM.


#2 ebolacola

Posted 08 June 2004 - 05:34 PM

**Bump

#3 ebolacola

Posted 09 June 2004 - 10:26 AM

bump

#4 ebolacola

Posted 10 June 2004 - 02:24 AM

bump

#5 ebolacola

Posted 10 June 2004 - 02:59 PM

bump post

#6 ebolacola

Posted 11 June 2004 - 07:08 PM

uh... bump!

#7 ebolacola

Posted 12 June 2004 - 04:09 PM

bump

#8 ebolacola

Posted 14 June 2004 - 01:39 AM

bump

#9 ebolacola

Posted 14 June 2004 - 01:59 PM

bump

#10 ebolacola

Posted 18 June 2004 - 01:45 PM

Bump!

#11 ebolacola

Posted 20 June 2004 - 05:51 PM

bump!

#12 ebolacola

Posted 21 June 2004 - 07:36 PM

last bump before new topic



