aej1973
asked on
Spyware problem!!
I seem to have a bad spyware problem on my computer. It is running very slowly and I am getting a lot of pop ups. Can you help me get rid of this. I have posted my log file below:
Logfile of HijackThis v1.99.1
Scan saved at 8:31:08 AM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin
C:\WINDOWS\System32\rundll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\WINDOWS\System32\wltrys
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\wuaucl
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuaucl
C:\Documents and Settings\Marsha\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackTh
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C
O2 - BHO: (no name) - {9C9E9A27-C910-4441-8680-2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marsha\LOCALS~
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\P
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra button: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1
O16 - DPF: Win32 Classes -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {62475759-9E84-458E-A1AB-5
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0
O16 - DPF: {CA034DCC-A580-4333-B52F-1
O16 - DPF: {D18F962A-3722-4B59-B08D-2
O18 - Filter: text/html - {FC4F1150-54BA-44E0-8A63-1
O18 - Filter: text/plain - {FC4F1150-54BA-44E0-8A63-1
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrys
Thank you.
A
Logfile of HijackThis v1.99.1
Scan saved at 8:31:08 AM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin
C:\WINDOWS\System32\rundll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\P
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\WINDOWS\System32\wltrys
C:\WINDOWS\System32\bcmwlt
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\wuaucl
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuaucl
C:\Documents and Settings\Marsha\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackTh
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C
O2 - BHO: (no name) - {9C9E9A27-C910-4441-8680-2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marsha\LOCALS~
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\P
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra button: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1
O16 - DPF: Win32 Classes -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {62475759-9E84-458E-A1AB-5
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0
O16 - DPF: {CA034DCC-A580-4333-B52F-1
O16 - DPF: {D18F962A-3722-4B59-B08D-2
O18 - Filter: text/html - {FC4F1150-54BA-44E0-8A63-1
O18 - Filter: text/plain - {FC4F1150-54BA-44E0-8A63-1
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrys
Thank you.
A
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is it listed in desktop -> properties ->desktop ->background?
-> Search Button.
Or you simply download it again from the internet.
Tolomir
-> Search Button.
Or you simply download it again from the internet.
Tolomir
Or reactivate the active desktop :)
Righclick the background and set it there.
Lastly:
C:\WINDOWS\System32\rundll
COULD.
The file itsself is 100% windows safe.
Also do NOT run hijackthis from a temp directory,
Create a nice dir for it to run from.
Righclick the background and set it there.
Lastly:
C:\WINDOWS\System32\rundll
COULD.
The file itsself is 100% windows safe.
Also do NOT run hijackthis from a temp directory,
Create a nice dir for it to run from.
ASKER
Hello: I am sorry for the delay in getting back. I was on the road for a few days.
When I get to the desktop properties it gives me a option only to change the screen saver and there is no desktop option.Also when I turn on the computer I get the following message;
c:/document ~/admin/local~?temp/se.dll
Module cannot be found
What is to be done, it takes a lot of time before the system starts up. The spyware problem seems to have been taken care of. Thank you for the help.
A
When I get to the desktop properties it gives me a option only to change the screen saver and there is no desktop option.Also when I turn on the computer I get the following message;
c:/document ~/admin/local~?temp/se.dll
Module cannot be found
What is to be done, it takes a lot of time before the system starts up. The spyware problem seems to have been taken care of. Thank you for the help.
A
Hi!
This is probably a "reach" but -
Run "Regedit" and navigate to this key:
HKEY_CURRENT_USER\Software
What is showing in the right-hand pane?
RF
This is probably a "reach" but -
Run "Regedit" and navigate to this key:
HKEY_CURRENT_USER\Software
What is showing in the right-hand pane?
RF
ASKER
Name: default
Type:REG_SZ
Data: Value not set
This is what is there on the right hand side. Thanks.
Type:REG_SZ
Data: Value not set
This is what is there on the right hand side. Thanks.
Download and run adaware and microsoft anti-spyware. These two together do a great job for me and they're free!!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I had a back ground picture before my system got infected with the spyware but now as a back ground picture I only have a black screen on my desktop. How do I get my original picture back? Thanks a ton again for all the help.
A