gp_kelly
asked on
Spyware that's impossible to get rid of.........
Hi, each time I open up my IE Explorer 6 I get hijacked by spyware.
2 windows pop up one called "Welcome to the System Performance Wizard" and the other called "Network Administrator Important Notice".
I've ran Ad Aware and Spybot but still I can't get rid of it. I'm able to use Mozilla but prefer IE.
Any suggestions?????
2 windows pop up one called "Welcome to the System Performance Wizard" and the other called "Network Administrator Important Notice".
I've ran Ad Aware and Spybot but still I can't get rid of it. I'm able to use Mozilla but prefer IE.
Any suggestions?????
ASKER
Logfile of HijackThis v1.97.7
Scan saved at 23:16:03, on 13/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\Grisoft\AVG6\a
C:\WINDOWS\System32\gearse
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digi
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG6\a
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuaucl
C:\Documents and Settings\Catherine\Desktop
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {93F8E8FE-1D92-45D4-901A-F
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digi
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\L
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\a
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {8C285F85-0DBD-11D3-8B37-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D8089245-3211-40F6-819B-9
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
Scan saved at 23:16:03, on 13/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\Grisoft\AVG6\a
C:\WINDOWS\System32\gearse
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\System32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digi
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG6\a
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuaucl
C:\Documents and Settings\Catherine\Desktop
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {93F8E8FE-1D92-45D4-901A-F
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digi
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\L
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\a
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {0246ECA8-996F-11D1-BE2F-0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {30528230-99F7-4BB4-88D8-F
O16 - DPF: {8C285F85-0DBD-11D3-8B37-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D8089245-3211-40F6-819B-9
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What do you mean "fix the following entries"? How do I go about fixing them?
put a check mark against those lines in hijakchtis, and then click on Fix Checked !!!!
and its better if u move the hijackthis from Desktop to another new folder :)
and its better if u move the hijackthis from Desktop to another new folder :)
ASKER
Hi SheharyaarSaahil,
That appears to have worked! Thank you very much!
How do I give you the 500 points?
That appears to have worked! Thank you very much!
How do I give you the 500 points?
great :)
u just need to hit the Accept button which u can see infront of each comment,,, hit the one which is infront of that comment which solved ur problem,,,, and then Assign a grade... that's all :)
for more info. on how to close a Question, plzz refer here >> https://www.experts-exchange.com/help.jsp#hs5
!! Good Luck !!
u just need to hit the Accept button which u can see infront of each comment,,, hit the one which is infront of that comment which solved ur problem,,,, and then Assign a grade... that's all :)
for more info. on how to close a Question, plzz refer here >> https://www.experts-exchange.com/help.jsp#hs5
!! Good Luck !!
ASKER
Done, thanks again.
^_^
Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe