
Help Required To Remove Malware Using Hijackthis



#1 AJT

AJT

  • Members
  • 2 posts

Posted 20 December 2005 - 02:31 PM

Hi, I'm new to this forum and need help with the aforementioned problem.
I have performed a system scan using HijackThis version 1.99.1 and have saved the log file in Notepad. This is the first time I have used HijackThis and, as recommended by download.com, am asking expert advice on what I should delete. Also I am not sure how to get the content of the log file across to you all - should I just copy and paste the contents and then post them here?

The following details might help:-

My computer seems to have been infected by a variety of adware/spyware/malware ever since I started downloading things with my DSL broadband connection. I earlier had a dial-up connection and never faced any problems.

The main/obvious problems are that my IE homepage seems to have been hijacked, I get repeated suspicious offers to clean my computer of spyware (for example a ticker rolling across the top of the screen), whenever I search using Google or Google Toolbar a window of some suspicious web search program pops up alongside Google search results, I get random pop-ups (pop-up blockers don't seem to work on them) asking me to go to random sites (free songs, cheap shopping, second-hand electric guitars on sale etc. etc.). I also get the feeling there is a program trying to find my passwords, login IDs, usernames etc. and keeping track of my online history. No concrete proof of that - just a feeling - and the fact that when I checked my privacy/security settings all options for saving profiles, saving passwords, autofill entries etc. were turned on. I NEVER keep these options on, I didn't change them, and no one uses this computer except me - there is no question of a family member/friend/colleague changing settings. Also in Control Panel, in the Add/Remove Programs list there is something called 'Home Search Assistent'. I did not install it/download it and cannot remove it.


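What I have already tried ----------------- Net result/effect

AVG Anti-Virus Free ----------------------- Useless
Spybot-Search and Destroy ----------------- Ineffective
Xoftspy ----------------------------------- Toothless
Ad-Aware SE Personal ---------------------- Waste of time
Sygate Personal Firewall ------------------ Doesn't work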

All of them seem to detect approximately the same thing/same number of things, go on to delete/heal/quarantine them and then - nothing. Back to square one. (Incidentally all of them are updated.)


I use these web browsers:- Mozilla Firefox v1.0.7 and Internet Explorer version 6.





Logfile of HijackThis v1.99.1
Scan saved at 6:38:46 PM, on 12/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\RunDll32.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
D:\WINDOWS\System32\taskswitch.exe
D:\WINDOWS\System32\fast.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\RAM Idle\RAM_XP.exe
D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\A.tmp.exe
D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\B.tmp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\ctfmon.exe
E:\LeechGet 2005\LeechGet.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\FSScrCtl.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\Fast.exe
F:\mis\secretmaker.exe
D:\WINDOWS\System32\wuauclt.exe
C:\unzipped\firefox.exe
D:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {55F4BD18-058D-347C-8E7D-A8A1A3B788F3} - D:\WINDOWS\system32\winbg.dll
O2 - BHO: Class - {7B55DFC8-04ED-D77B-9AAD-79F8010DCB30} - D:\WINDOWS\system32\ipoz.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "D:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {F6FA4846-407B-1704-55C6-49034869A8A2} - D:\WINDOWS\javajy32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BackgroundSwitcher] D:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] D:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Renovate] D:\WINDOWS\System32\Renovate.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RAM Idle Professional] F:\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [apigm32.exe] D:\WINDOWS\system32\apigm32.exe
O4 - HKLM\..\Run: [A.tmp] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [apicy32.exe] D:\WINDOWS\apicy32.exe
O4 - HKLM\..\Run: [A.tmp.exe] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp.exe] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\B.tmp.exe
O4 - HKLM\..\Run: [d3yc.exe] D:\WINDOWS\system32\d3yc.exe
O4 - HKLM\..\Run: [syslt.exe] D:\WINDOWS\syslt.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LeechGet] "E:\LeechGet 2005\LeechGet.exe" -intray
O4 - Startup: Screen Saver Control.lnk = D:\WINDOWS\FSScrCtl.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: SECRETMAKER.lnk = F:\mis\secretmaker.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download using LeechGet - file://E:\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://E:\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://E:\LeechGet 2005\\Parser.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send Sms - {12344678-1234-1234-1234-1234567890ab} - F:\FlashSms\FlashSms.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - E:\PICGRABBER.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - E:\PICGRABBER.EXE (file missing) (HKCU)
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for τε: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128061646911
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1036994-4BD1-4E3A-9F4E-7944063D483D}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
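
A first-pass triage of a log like the one posted above, as an added example (it is not part of the thread and not HijackThis's own code). The rule names and the heuristics behind them are assumptions chosen for illustration; a hit marks an entry worth a closer look and is not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {55F4BD18-058D-347C-8E7D-A8A1A3B788F3} - D:\WINDOWS\system32\winbg.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [A.tmp] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] D:\DOCUME~1\ARJITP~1\LOCALS~1\Temp\A.tmp.exe
O9 - Extra button: Send Sms - {12344678-1234-1234-1234-1234567890ab} - F:\FlashSms\FlashSms.EXE (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1036994-4BD1-4E3A-9F4E-7944063D483D}: NameServer = 202.56.215.6,202.56.230.6
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")                       # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")    # registry autorun
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")     # name, CLSID, file


def parse(log):
    """Return (section, body) for each entry line; header and process list are skipped."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]


def triage(log):
    """Return (rule, section, detail) tuples. All rules are illustrative assumptions."""
    findings = []
    run_targets = defaultdict(list)
    for section, body in parse(log):
        # Registration that points at a file no longer on disk.
        if body.endswith("(file missing)"):
            findings.append(("file-missing", section, body))
        # Browser Helper Object with an empty or placeholder display name.
        if section == "O2":
            m = BHO.match(body)
            if m and m.group(1).strip() in ("", "Class", "(no name)"):
                findings.append(("generic-bho-name", section, m.group(3)))
        # Autorun whose target lives in a temp directory.
        if section == "O4":
            m = RUN.match(body)
            if m:
                target = m.group(3)
                if re.search(r"\\te?mp\\", target, re.I):
                    findings.append(("autorun-from-temp", section, target))
                run_targets[target.lower()].append(m.group(2))
    # Same executable registered under more than one Run value name.
    for target, names in run_targets.items():
        if len(names) > 1:
            findings.append(("duplicate-autorun", "O4", f"{target} <- {names}"))
    return findings


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {section:4} {detail}")
```
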



#2 AJT

AJT
  • Topic Starter

  • Members
  • 2 posts

Posted 21 December 2005 - 01:00 PM

Hi, I'm new to this forum and need help with the following problem.
I have performed a system scan using HijackThis version 1.99.1 and have saved the log file in Notepad. This is the first time I have used HijackThis and, as recommended by download.com, am asking expert advice on what I should delete.

The following details might help:-

My computer seems to have been infected by a variety of adware/spyware/malware ever since I started downloading things with my DSL broadband connection. I earlier had a dial-up connection and never faced any problems.

The main/obvious problems are that my IE homepage seems to have been hijacked, I get repeated suspicious offers to clean my computer of spyware (for example a ticker rolling across the top of the screen), whenever I search using Google or Google Toolbar a window of some suspicious web search program pops up alongside Google search results, I get random pop-ups (pop-up blockers don't seem to work on them) asking me to go to random sites (free songs, cheap shopping, second-hand electric guitars on sale etc. etc.). I also get the feeling there is a program trying to find my passwords, login IDs, usernames etc. and keeping track of my online history. No concrete proof of that - just a feeling - and the fact that when I checked my privacy/security settings all options for saving profiles, saving passwords, autofill entries etc. were turned on. I NEVER keep these options on, I didn't change them, and no one uses this computer except me - there is no question of a family member/friend/colleague changing settings. Also in Control Panel, in the Add/Remove Programs list there is something called 'Home Search Assistent'. I did not install it/download it and cannot remove it. Sometimes when the computer is idle for a while (say, like when I am waiting for something to download) the cursor starts moving on its own and opening applications like Calculator, MS Paint, and sometimes even a game like Civilization 3 or Chessmaster 9000. At times it even goes to Run (in the Start menu) and starts pinging something or the other. I have been having these problems for 5-6 weeks.


What I have already tried -----------------Net result/effect

AVG Anti-Virus Free ------------------------Useless
Spybot-Search and Destroy ---------------Ineffective
Xoftspy --------------------------------------Toothless
Ad-Aware SE Personal ---------------------Waste of time
sygate personal firewall --------------------Doesn't work

All of them seem to detect approximately the same thing/same number of things, go on to delete/heal/quarantine them and then - nothing. Back to square one. (Incidentally all of the above programs are updated.)


I use these web browsers:- Mozilla Firefox v1.0.7 and Internet Explorer version 6.

I would be really grateful for your help. Thanks in advance.




#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 December 2005 - 02:40 PM

Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on cwshredder.exe, then click "Fix"



Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



