Full Version: friends hijackthis log
stanne312
my friend has some spyware and trojans, I think I got them but am not sure. I did get some of the ###### off the hijackthis log, but I don't know if there is any more stuff I need to delete.

Logfile of HijackThis v1.99.1
Scan saved at 12:24:07 PM, on 5/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\PCPhone\PCPhone.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O4 - Global Startup: PCPhone.lnk = C:\Program Files\PCPhone\PCPhone.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Also, the cursor is weird. Instead of the |, it has a black square box that covers about 2-3 letters.

Thanks for your help!
M3talG3ar
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

I think these are something like spyware, because they are sites that seem to be against viruses and co., but it is all a fake.

I think the best thing he can do is to uninstall the current antivirus and install the Norton Internet Security 2005, update it until no more updates are available and run a full system scan under Windows Safe mode (pushing F8 key while booting).
Then go to http://v5.windowsupdate.microsoft.com and perform all updates of Windows and try some spyware removal tools such as SpyBot S&D and Ad-Aware.

I work in a computer shop, I do these things every day and no computer comes back with a virus!

See you!
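
Added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines in the log above. It groups entries by section code and extracts the O4 registry Run autoruns and the download hosts of O16 DPF entries (the kind of line the reply above singles out). The sample lines are copied from the posted log; the function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\igfxtray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM95\aim.exe -cnetwait.odl
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - <rest>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")    # HKLM\..\Run: [name] cmd
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")

def parse(log):
    """Group HijackThis entries by section code (R0, O4, O16, ...).
    Header lines and the running-process list do not match and are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def autoruns(groups):
    """Return (hive, key, value name, command) for O4 registry Run entries."""
    return [RUN.match(e).groups() for e in groups["O4"] if RUN.match(e)]

def dpf_sources(groups):
    """Return (CLSID, class name, download host) for O16 ActiveX entries."""
    out = []
    for e in groups["O16"]:
        m = DPF.match(e)
        if m:
            out.append((m.group(1), m.group(2), urlparse(m.group(3)).hostname))
    return out

if __name__ == "__main__":
    g = parse(SAMPLE)
    for row in autoruns(g) + dpf_sources(g):
        print(row)
```
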
stanne312
I found some spyware. A better internet, webrebates, ie plugin, twain tech. I tried dl'ing proggy that promised free scan and to rid it. grrrrr-----only free dl; in order to get rid of it, purchase required.

I had spybot on here, and he must have deleted it. Grrr. back to downloads again!

Thanks for your help.
Outcast
Get avast, that's free.
stanne312
Will Avast get rid of these specific ones mentioned above? Along with coolwebsearch, but I do know how to get rid of that one.
markb
Avast is a very good antivirus and runs quite nicely and is set up differently than most regular antivirus.
I am not sure if it is able to remove all stuff (some might need Microsoft AntiSpyware, Spybot Search and Destroy, Ad-Aware).
Also be safe and have a firewall on your computer; there are many good ones, like Sygate Personal Firewall.
I would not recommend zonelabs alarm anymore, as it has been reported numerous times that this firewall is responsible for more instability on Windows computers.
Anyway, you might also try starting the computer in safe mode (press the F8 key before the loading screen with the Windows logo appears) and run some scan tools from there, as sometimes those viruses and malware might have certain switches built in to prevent their removal in any normal way.

hope this helps you out
stanne312
Ran everything in safe mode earlier. Come to find coolwebsearch is part of the mix too. At least I know how to get rid of that one. :|

Hoping to find some removal tools for the others, too.

Thanks!
M3talG3ar
This should be the removal tool for the coolwebsearch:
http://www.filesforfree.com/files/CWShredder.exe
This is the last version of Spybot S&D (v 1.4 released 3 days ago)
http://hestiasn.cachefly.net/spybotsd14.exe
and this is the last version of adaware personal
ftp://ftp.download.com/pub/windows/aawsepersonal.exe

AVG is fast and free..but I always think Norton is better..

I hope I helped you.
Ocram
QUOTE(M3talG3ar @ May 30 2005, 09:19 PM)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

I think these are something like spyware, because they are sites that seem to be against viruses and co., but it is all a fake.


mellow.gif