Please help!
Spyware removal
Started by
atain
, Feb 07 2008 10:11 AM
#1
Posted 07 February 2008 - 10:11 AM
Please help!
#2
Posted 07 February 2008 - 12:02 PM
Hello atain
Welcome to G2Go.
=================
Do the following for the first machine then we will go on to the other one.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Welcome to G2Go.
=================
Do the following for the first machine then we will go on to the other one.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
#3
Posted 07 February 2008 - 01:51 PM
I tired running DSS but the program crashes... I tired renaming it and still crashes..
#4
Posted 07 February 2008 - 01:54 PM
I was able to get hijackthis to run by renaming it... Here is the log file
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ARRANGE\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\UStorSrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Apps\Spyware\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:
\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:
\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel
\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM
\EM_EXEC.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files
\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk
\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk
\SharpTray.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE
\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes
\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD
\PDVDServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files
\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User
'Default user')
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files
\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise
\Notify.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm
\Hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files
\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-
a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) -
http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2
Control) - http://www.smartforc...ivex/AXClient...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish...fishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard
Printer Diagnostics) - http://ispe.sdc.hp.c...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://update.micros...en/x86/client...
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload
Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield
International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai....3123/cpbrkpie...
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.h...cdetection3.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin
Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot....ownload/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = scs.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = scs.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = scs.edu
O20 - AppInit_DLLs: C:\WINNT\system32\cru629.dat
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-
B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT
\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:
\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files
\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:
\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINNT
\system32\UStorSrv.exe
--
End of file - 8077 bytes
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ARRANGE\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\UStorSrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
J:\Apps\Spyware\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:
\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:
\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel
\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM
\EM_EXEC.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files
\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk
\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk
\SharpTray.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE
\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes
\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD
\PDVDServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files
\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User
'Default user')
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files
\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise
\Notify.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm
\Hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files
\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-
a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) -
http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2
Control) - http://www.smartforc...ivex/AXClient...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish...fishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard
Printer Diagnostics) - http://ispe.sdc.hp.c...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://update.micros...en/x86/client...
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload
Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield
International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai....3123/cpbrkpie...
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.h...cdetection3.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin
Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot....ownload/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = scs.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = scs.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = scs.edu
O20 - AppInit_DLLs: C:\WINNT\system32\cru629.dat
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-
B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT
\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:
\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files
\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:
\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINNT
\system32\UStorSrv.exe
--
End of file - 8077 bytes
#5
Posted 07 February 2008 - 05:24 PM
Download ComboFix from one of the locations below, and save it to your Desktop.
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users