Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help


  • Please log in to reply
1 reply to this topic

#1 jazz

jazz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 June 2005 - 07:46 AM

im sorry if ive posted this in the wrong place

hi ive got rid of most of my spyware that i had on my computer but slotchbar and xz still remain on my computer

this is my scan
(Mod edit: split off and deleted member's own reply to this post, and moved the original post to the HJT log Forum for team review.jgweed)
Logfile of HijackThis v1.99.1
Scan saved at 13:43:49, on 06/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [dB0sRRaEU] shmwmi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110116840045
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)


can somebody please help me i just want to get rid of my remaining spyware,
also my exams are starting in a couple of days and i need my computer to function properly so i can revise. please help me

thanks

Edited by jgweed, 06 June 2005 - 10:58 AM.


BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:03 AM

Posted 07 June 2005 - 03:42 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [dB0sRRaEU] shmwmi.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows\system32\p2pnetworking.exe
C:\WINDOWS\Temp\WTuninst.exe
c:\windows\system32\shmwmi.exe

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users