Problem to remove Spyware [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Problem to remove Spyware [RESOLVED]

Options

Popadija58 View Member Profile	May 6 2006, 06:55 PM Post #1
Member Posts: 41 OS: xp	Hi everyone, I am here for the first time and hope you can help me to solve big problem. I have infected computer (don't know how but is infected) and every time going to Internet insted of my home page coming up: about/blank then going to unwanted page /www.guarduptodate.com/. I scan computer with many of programs: my antivirus TrendMicro PC Cillin, with SpiBot, Ewido Malware... None of them can clean infection. AV just noticed spyware and said that infected folder is: windows\system32\winrnt.dll but I cannot delete that folder. Another thinks is that I cannot open Search option - going to Start and there not Search as use to be. Finaly I scan with HijackThis and have: Logfile of HijackThis v1.99.1 Scan saved at 10:54:02 AM, on 5/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\kf67rid3.exe C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe C:\Program Files\UnHackMe\hackmon.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\DOCUME~1\user\LOCALS~1\Temp\services.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\atmclk.exe C:\WINDOWS\system32\dcomcfg.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.b92.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by iPrimus O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpB2BB.tmp O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SpyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exe O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\Flash saver\save.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe Also use Smithfraud Fix and have this: SmitFraudFix v2.40 Scan done at 10:28:44.98, Sun 05/07/2006 Run from C:\Documents and Settings\user\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] 换换换换换换换换换换换换 C:\ 换换换换换换换换换换换换 C:\WINDOWS 换换换换换换换换换换换换 C:\WINDOWS\system 换换换换换换换换换换换换 C:\WINDOWS\Web 换换换换换换换换换换换换 C:\WINDOWS\system32 C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\reglogs.dll FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\1024\ FOUND ! 换换换换换换换换换换换换 C:\WINDOWS\system32\LogFiles 换换换换换换换换换换换换 C:\Documents and Settings\user\Application Data 换换换换换换换换换换换换 Start Menu 换换换换换换换换换换换换 C:\DOCUME~1\user\FAVORI~1 换换换换换换换换换换换换 Desktop 换换换换换换换换换换换换 C:\Program Files 换换换换换换换换换换换换 Corrupted keys 换换换换换换换换换换换换 Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" 换换换换换换换换换换换换 Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare" [HKEY_CLASSES_ROOT\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32] @="C:\WINDOWS\system32\reglogs.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32] @="C:\WINDOWS\system32\reglogs.dll" 换换换换换换换换换换换换 Scanning wininet.dll infection 换换换换换换换换换换换换 End After all I have no idea how to get rid of buster. Please help me.

Replies

RiP View Member Profile	May 20 2006, 11:05 PM Post #2
Malware Expert Posts: 8,429 From: Omaha, Nebraska U.S.A OS: Windows XP Professional/Windows Vista Ultimate x64/x86	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Posts in this topic

Popadija58 Problem to remove Spyware [RESOLVED] May 6 2006, 06:55 PM

__RiP_ChAiN_ Hello, Popadija58. You should print out these ins... May 6 2006, 09:04 PM

Popadija58 __RiP_ChAiN_ You're legend. Folowing your ins... May 7 2006, 11:14 PM

__RiP_ChAiN_ Hello, Popadija58. Please read this post complete... May 8 2006, 04:23 AM

Popadija58 __RiP_ChAiN_ I cannot update my Ewido Malware 3.5... May 8 2006, 02:41 PM

__RiP_ChAiN_ Hello, Popadija58. Try this link: ewido manual up... May 8 2006, 03:50 PM

Popadija58 __RiP_ChAiN_ Here's your requirements: 1. ... May 9 2006, 05:01 AM

__RiP_ChAiN_ Hello, Popadija58. Please download WebRoot SpySwe... May 9 2006, 02:54 PM

Popadija58 Hi __RiP_ChAiN_ Here's my latest doing of you... May 10 2006, 04:15 AM

__RiP_ChAiN_ Hello, Popadija58. Open notepad and copy (Ctrl C)... May 10 2006, 01:58 PM

Popadija58 You're legend, Here's my contents: 1. L... May 11 2006, 02:31 AM

__RiP_ChAiN_ Hello, Popadija58. Your HijackThis log is now cle... May 11 2006, 04:57 PM

Popadija58 NO! Thank you very much! May 11 2006, 05:22 PM

__RiP_ChAiN_ Hello, Popadija58. I'm glad to hear it! ... May 11 2006, 05:29 PM

__RiP_ChAiN_ Since this issue appears to be resolved ... this T... May 20 2006, 11:05 PM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal How to remove popups. [RESOLVED]	15 / 1,415	20th May 2006 - 10:55 PM Matador8 started - last by RiP
Virus, Spyware and Trojan Removal Trying to remove oinadserver [RESOLVED]	19 / 2,790	19th June 2006 - 04:56 PM Mr. T started - last by RiP
Virus, Spyware and Trojan Removal unable to remove spyware [RESOLVED]	8 / 1,370	15th August 2006 - 05:53 PM nicolak started - last by therock247uk
Virus, Spyware and Trojan Removal Unable to remove spyware/malware [RESOLVED]	17 / 3,145	12th October 2008 - 09:31 AM metalhead75 started - last by fenzodahl512