Hellz Little Spy/ help in removal



#1
elite

I used Spy Sweeper to find various spyware on my PC; here is the log:

9:41 AM: |··· Start of Session, Saturday, July 02, 2005 ···|
9:41 AM: Spy Sweeper started
9:41 AM: Sweep initiated using definitions version 501
9:41 AM: Starting Memory Sweep
9:43 AM: Memory Sweep Complete, Elapsed Time: 00:01:09
9:43 AM: Starting Registry Sweep
9:43 AM: Found Adware: ieplugin
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-1004\software\intexp\ (9 subtraces) (ID = 4106507)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\intexp\ (7 subtraces) (ID = 4106507)
9:43 AM: Found Adware: drsnsrch.com hijacker
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 4106539)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\microsoft\search assistant\ || defaultsearchurl (ID = 4106539)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\microsoft\internet explorer\main\ || search bar (ID = 4106540)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\microsoft\internet explorer\main\ || search page (ID = 4106541)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 4106546)
9:43 AM: Found Adware: 180search assistant
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-1004\software\msbb\ (13 subtraces) (ID = 4114226)
9:43 AM: Found Adware: twain-tech
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-1004\software\mxtarget\ (26 subtraces) (ID = 4124060)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\mxtarget\ (29 subtraces) (ID = 4124060)
9:43 AM: Found Adware: abetterinternet
9:43 AM: HKU\S-1-5-18\software\voiceip\ (5 subtraces) (ID = 4124889)
9:43 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-492894223-725345543-501\software\voiceip\ (25 subtraces) (ID = 4124889)
9:43 AM: Found Adware: websearch toolbar
9:43 AM: HKCR\protocols\name-space handler\res\ (ID = 4125151)
9:43 AM: HKLM\software\classes\protocols\name-space handler\res\ (ID = 4125214)
9:43 AM: Registry Sweep Complete, Elapsed Time:00:00:06
9:43 AM: Starting Cookie Sweep
9:43 AM: Found Cookie: offeroptimizer cookie
9:43 AM: mustafa@offeroptimizer[2].txt (ID = 170241)
9:43 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:43 AM: Starting File Sweep
9:43 AM: Found System Monitor: win-spy monitor
9:43 AM: urlhist.tlb (ID = 3847015)
9:43 AM: Found Trojan Horse: hellz little spy
9:43 AM: hellzlittlespy.zip (ID = 3817320)
9:44 AM: Sweep Canceled
9:44 AM: File Sweep Complete, Elapsed Time: 00:01:46
9:44 AM: Traces Found: 133
9:45 AM: Removal process initiated
9:45 AM: Quarantining All Traces: ieplugin
9:45 AM: Quarantining All Traces: drsnsrch.com hijacker
9:45 AM: Quarantining All Traces: 180search assistant
9:45 AM: Quarantining All Traces: twain-tech
9:45 AM: Quarantining All Traces: abetterinternet
9:45 AM: Quarantining All Traces: websearch toolbar
9:45 AM: Quarantining All Traces: offeroptimizer cookie
9:45 AM: Quarantining All Traces: win-spy monitor
9:45 AM: Quarantining All Traces: hellz little spy
9:45 AM: Removal process completed. Elapsed time 00:00:02



However, every time I run Spy Sweeper it picks up:
ie plugin
drsnsrch.com hijacker
180searchassistant
twain tech
hellz little spy
win spy monitor
offeroptimizer cookie
abetterinternet


I need help in removing all this spyware PERMANENTLY, as my PC is constantly and randomly shutting down.

Thank you.


#2
elite

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:00 AM, on 07/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: BWVMTDHIE - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\BWVMTDHIE.exe (file missing)
O23 - Service: EWTASYAWNNAGMWEO - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\EWTASYAWNNAGMWEO.exe (file missing)
O23 - Service: HCDAWSWXE - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\HCDAWSWXE.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TMCIFGAVEJX - Unknown owner - C:\DOCUME~1\Mustafa\LOCALS~1\Temp\TMCIFGAVEJX.exe (file missing)

#3
Besttechie

User being helped in chat by Atri and myself.

B