gp_kelly
asked on
Spyware that's impossible to get rid of.........
Hi, each time I open up my IE Explorer 6 I get hijacked by spyware.
2 windows pop up, one called "Welcome to the System Performance Wizard" and the other called "Network Administrator Important Notice".
I've run Ad Aware and Spybot but still I can't get rid of it. I'm able to use Mozilla but prefer IE.
Any suggestions?????
ASKER
Logfile of HijackThis v1.97.7
Scan saved at 23:16:03, on 13/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Catherine\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eircom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {93F8E8FE-1D92-45D4-901A-FDCE4B71EAD5} - C:\WINDOWS\System32\egm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.may.ie/wfplayer/tdserver.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8C285F85-0DBD-11D3-8B37-00A02459FA0F} (CuWeb CuWebConf) - http://ic.vcsystem.com/packages/cuweb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38204.6700462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/458/webolr/OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
ASKER CERTIFIED SOLUTION
ASKER
What do you mean "fix the following entries"? How do I go about fixing them?
put a check mark against those lines in HijackThis, and then click on Fix Checked !!!!
and it's better if u move HijackThis from the Desktop to another new folder :)
ASKER
Hi SheharyaarSaahil,
That appears to have worked! Thank you very much!
How do I give you the 500 points?
great :)
u just need to hit the Accept button which u can see in front of each comment,,, hit the one which is in front of that comment which solved ur problem,,,, and then Assign a grade... that's all :)
for more info. on how to close a Question, plzz refer here >> https://www.experts-exchange.com/help.jsp#hs5
!! Good Luck !!
ASKER
Done, thanks again.
^_^
Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe