Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! My computer is screwed up

Started by sarah00201 , Aug 19 2004 02:18 PM

  • Please log in to reply

#1
sarah00201
Posted 19 August 2004 - 02:18 PM

sarah00201

    New Member

  • Member
  • Pip
  • 8 posts
Help me please! My computer has spyware, adware and it keeps coming up with the same trojan virus and none of it will go away! I have used Spybot and AdAware and Norton Antivirus and removed what they find. Everytime I turn my computer back on it is all there again! Also, today my computer kept rebooting on its own. I have found some of the adware and spyware in my Add/Remove Programs and one of them I can't uninstall...everytime I click on it my computer restarts! I am so annoyed. My dad has tried to help and we just don't know what to do. Can you guys help me? I would appreciate it sooo much!
  • 0

Advertisements

#2
Smokey
Posted 19 August 2004 - 03:54 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Welcome to GTG sarah00201 <_<

Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware FAQ link in my signature.

Let's start with a couple free programs.

Ad-aware. Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. :D

CLICK HERE to download Ad-aware
CLICK HERE to download Spybot S&D
  • 0

#3
sarah00201
Posted 20 August 2004 - 10:11 AM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey. I am at work right now so I cannot send you my HijackThis log until I get home. I will do so ASAP. Also, I have already used Spybot and Ad-Aware and everything just keeps coming back. I have been using those programs for quite some time and they just don't fix anything. They remove what they find and then when I reboot my computer or run a scan later on, the same things are there again! Why do they keep coming back? I will send you my log later today.
  • 0

#4
sarah00201
Posted 20 August 2004 - 02:31 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is my HiJack This Log.

Logfile of HijackThis v1.98.1
Scan saved at 4:25:34 PM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\gmjry.exe
C:\WINDOWS\iepyeadn.exe
C:\WINDOWS\hmbrqq.exe
C:\WINDOWS\olwzkaytp.exe
C:\WINDOWS\yjaw.exe
C:\WINDOWS\tbkfhvdgw.exe
C:\WINDOWS\jhlxpn.exe
C:\WINDOWS\fnmt.exe
C:\WINDOWS\kdecfkp.exe
C:\WINDOWS\hrwxve.exe
C:\WINDOWS\ijpmwvzhx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23CamC.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucf.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {C97C5E27-19F8-4145-8E84-4700408CD930} - C:\WINDOWS\jjsmca.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SC2300CamCheck] C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [ugsdyvg] C:\WINDOWS\gmjry.exe
O4 - HKLM\..\Run: [gkze] C:\WINDOWS\iepyeadn.exe
O4 - HKLM\..\Run: [rccrvw] C:\WINDOWS\hmbrqq.exe
O4 - HKLM\..\Run: [dzpjmg] C:\WINDOWS\olwzkaytp.exe
O4 - HKLM\..\Run: [cdxtwbqig] C:\WINDOWS\yjaw.exe
O4 - HKLM\..\Run: [whecd] C:\WINDOWS\tbkfhvdgw.exe
O4 - HKLM\..\Run: [xvmxzq] C:\WINDOWS\jhlxpn.exe
O4 - HKLM\..\Run: [yygkzp] C:\WINDOWS\fnmt.exe
O4 - HKLM\..\Run: [uzddt] C:\WINDOWS\kdecfkp.exe
O4 - HKLM\..\Run: [ayte] C:\WINDOWS\hrwxve.exe
O4 - HKLM\..\Run: [ooksoev] C:\WINDOWS\ijpmwvzhx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...t/cabs/mmed.cab


I hope this helps! <_<
  • 0

#5
admin
Posted 21 August 2004 - 01:47 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: jimmyhelp.CBrowserHelper - {C97C5E27-19F8-4145-8E84-4700408CD930} - C:\WINDOWS\jjsmca.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll
O4 - HKLM\..\Run: [Spyware remover] C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [ugsdyvg] C:\WINDOWS\gmjry.exe
O4 - HKLM\..\Run: [gkze] C:\WINDOWS\iepyeadn.exe
O4 - HKLM\..\Run: [rccrvw] C:\WINDOWS\hmbrqq.exe
O4 - HKLM\..\Run: [dzpjmg] C:\WINDOWS\olwzkaytp.exe
O4 - HKLM\..\Run: [cdxtwbqig] C:\WINDOWS\yjaw.exe
O4 - HKLM\..\Run: [whecd] C:\WINDOWS\tbkfhvdgw.exe
O4 - HKLM\..\Run: [xvmxzq] C:\WINDOWS\jhlxpn.exe
O4 - HKLM\..\Run: [yygkzp] C:\WINDOWS\fnmt.exe
O4 - HKLM\..\Run: [uzddt] C:\WINDOWS\kdecfkp.exe
O4 - HKLM\..\Run: [ayte] C:\WINDOWS\hrwxve.exe
O4 - HKLM\..\Run: [ooksoev] C:\WINDOWS\ijpmwvzhx.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...t/cabs/mmed.cab

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\jjsmca.dll
C:\Program Files\411Ferret\toolbar.dll
C:\WINDOWS\Remove_spyware.exe
C:\WINDOWS\gmjry.exe
C:\WINDOWS\iepyeadn.exe
C:\WINDOWS\hmbrqq.exe
C:\WINDOWS\olwzkaytp.exe
C:\WINDOWS\yjaw.exe
C:\WINDOWS\tbkfhvdgw.exe
C:\WINDOWS\jhlxpn.exe
C:\WINDOWS\fnmt.exe
C:\WINDOWS\kdecfkp.exe
C:\WINDOWS\hrwxve.exe
C:\WINDOWS\ijpmwvzhx.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<
  • 0

#6
sarah00201
Posted 22 August 2004 - 02:41 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is my new log. I have done all that you told me to and my computer is still getting tons of pop-ups and AdAware and SpyBot are still finding things. Also, every now and then my Internet Explorer says that it cannot find the server but my internet connection is fine. Please help! My computer is sooo messed up. It seems like everytime I reboot my computer it all comes back. Also, on my Add/Remove Programs I have this program called ShopAtHome Agent and whenever I say to remove it, my computer reboots. Am I ever going to be able to get rid of this stuff?

Logfile of HijackThis v1.98.1
Scan saved at 4:35:52 PM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\efuqkckev.exe
C:\WINDOWS\kgkmqgsy.exe
C:\WINDOWS\fwkwgfmw.exe
C:\WINDOWS\knusu.exe
C:\WINDOWS\lqtzp.exe
C:\WINDOWS\fgfwcavd.exe
C:\WINDOWS\yylbyhkjs.exe
C:\WINDOWS\hubpzf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23CamC.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucf.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SC2300CamCheck] C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [fflmp] C:\WINDOWS\efuqkckev.exe
O4 - HKLM\..\Run: [yxxdd] C:\WINDOWS\kgkmqgsy.exe
O4 - HKLM\..\Run: [dpswgcebg] C:\WINDOWS\fwkwgfmw.exe
O4 - HKLM\..\Run: [arczn] C:\WINDOWS\knusu.exe
O4 - HKLM\..\Run: [kjlqjbcuw] C:\WINDOWS\lqtzp.exe
O4 - HKLM\..\Run: [lqzxlkqmi] C:\WINDOWS\fgfwcavd.exe
O4 - HKLM\..\Run: [zvtw] C:\WINDOWS\yylbyhkjs.exe
O4 - HKLM\..\Run: [imsihdqkx] C:\WINDOWS\hubpzf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
  • 0

#7
Smokey
Posted 22 August 2004 - 02:47 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Did you reboot in safe mode?
http://www.xtra.co.n...1916458,00.html

If not, do exactly as admin suggested. If you did, please run a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0

#8
sarah00201
Posted 23 August 2004 - 06:30 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok. I have done everything you have asked me to. I double checked the items that I deleted before in safe mode and I did a virus check and I did a trojan check. There was stuff found and I deleted it. But I am still getting pop-ups....here is my hijack this log. What should I do now?
  • 0

#9
sarah00201
Posted 23 August 2004 - 06:31 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Oops. <_< I hit add before adding my hijack this log....here it is.

Logfile of HijackThis v1.98.1
Scan saved at 8:28:01 PM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\efuqkckev.exe
C:\WINDOWS\kgkmqgsy.exe
C:\WINDOWS\fwkwgfmw.exe
C:\WINDOWS\knusu.exe
C:\WINDOWS\lqtzp.exe
C:\WINDOWS\fgfwcavd.exe
C:\WINDOWS\yylbyhkjs.exe
C:\WINDOWS\hubpzf.exe
C:\WINDOWS\lnolqpovm.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23CamC.exe
C:\WINDOWS\sftxa.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucf.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SC2300CamCheck] C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [fflmp] C:\WINDOWS\efuqkckev.exe
O4 - HKLM\..\Run: [yxxdd] C:\WINDOWS\kgkmqgsy.exe
O4 - HKLM\..\Run: [dpswgcebg] C:\WINDOWS\fwkwgfmw.exe
O4 - HKLM\..\Run: [arczn] C:\WINDOWS\knusu.exe
O4 - HKLM\..\Run: [kjlqjbcuw] C:\WINDOWS\lqtzp.exe
O4 - HKLM\..\Run: [lqzxlkqmi] C:\WINDOWS\fgfwcavd.exe
O4 - HKLM\..\Run: [zvtw] C:\WINDOWS\yylbyhkjs.exe
O4 - HKLM\..\Run: [imsihdqkx] C:\WINDOWS\hubpzf.exe
O4 - HKLM\..\Run: [ojpcjc] C:\WINDOWS\lnolqpovm.exe
O4 - HKLM\..\Run: [sknwhealp] C:\WINDOWS\sftxa.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#10
sarah00201
Posted 27 August 2004 - 02:24 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
are you there? I really need your help.
  • 0

#11
admin
Posted 27 August 2004 - 02:32 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [fflmp] C:\WINDOWS\efuqkckev.exe
O4 - HKLM\..\Run: [yxxdd] C:\WINDOWS\kgkmqgsy.exe
O4 - HKLM\..\Run: [dpswgcebg] C:\WINDOWS\fwkwgfmw.exe
O4 - HKLM\..\Run: [arczn] C:\WINDOWS\knusu.exe
O4 - HKLM\..\Run: [kjlqjbcuw] C:\WINDOWS\lqtzp.exe
O4 - HKLM\..\Run: [lqzxlkqmi] C:\WINDOWS\fgfwcavd.exe
O4 - HKLM\..\Run: [zvtw] C:\WINDOWS\yylbyhkjs.exe
O4 - HKLM\..\Run: [imsihdqkx] C:\WINDOWS\hubpzf.exe
O4 - HKLM\..\Run: [ojpcjc] C:\WINDOWS\lnolqpovm.exe
O4 - HKLM\..\Run: [sknwhealp] C:\WINDOWS\sftxa.exe

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files (if found):
C:\WINDOWS\efuqkckev.exe
C:\WINDOWS\kgkmqgsy.exe
C:\WINDOWS\fwkwgfmw.exe
C:\WINDOWS\knusu.exe
C:\WINDOWS\lqtzp.exe
C:\WINDOWS\fgfwcavd.exe
C:\WINDOWS\yylbyhkjs.exe
C:\WINDOWS\hubpzf.exe
C:\WINDOWS\lnolqpovm.exe
C:\WINDOWS\sftxa.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<
  • 0

#12
sarah00201
Posted 27 August 2004 - 10:28 PM

sarah00201

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, here is my new hijack this log. See anything else? Spybot still detected some stuff after I did what you told me to do...
Logfile of HijackThis v1.98.1
Scan saved at 10:46:04 PM, on 8/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23CamC.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucf.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SC2300CamCheck] C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#13
Smokey
Posted 27 August 2004 - 10:39 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.

If you ever get tired of paying for antivirus, AVG offers a great free program:
http://free.grisoft....us/doc/2/tpl/v5

Also, make sure your Windows Firewall is turned on. To do this:

1. Go to "Start", then "Control Panel"
2. Click on "Network and Internet Connections", then "Network Connections" at the bottom
3. Right-click on your internet connection and choose "Properties"
4. Click the "Advanced" tab and make sure "Protect my computer..." is checked
5. Hit "OK" and you will now be protected from hackers

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats. :D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP