Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

quick websearch removal and other unknown spyware? help!

Started by betterdays , Nov 09 2005 12:22 PM

  • Please log in to reply

#1
betterdays
Posted 09 November 2005 - 12:22 PM

betterdays

    New Member

  • Member
  • Pip
  • 1 posts
I've gone through about 5-6 different ways to clean this spyware... everytime i start up internet explorer it goes to something called quick web search on the startup address bar it says about:blank...

res://C:\WINDOWS\system32\vnwun.dll/sp.html#17702 i pulled this from startup page from ad-aware.. seems to me the spywares changing .dlls... and creating new ones everytime it gets deleted... Please! help! i can't remove it!.. even if it does it keeps replicating in to some other form!!

this is my HJTlog.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\apiqh32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ntoo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\hijackthis\HijackThis1991.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {A1478393-27A6-A004-43B7-4A801508772A} - C:\WINDOWS\system32\atlpa32.dll
O2 - BHO: Class - {A47C546E-3AFF-B796-C2D3-84570C207938} - C:\WINDOWS\system32\winpv32.dll
O2 - BHO: (no name) - {D61F758B-DC8C-76A6-2ECE-8034F77A90F8} - (no file)
O2 - BHO: Class - {D7B58010-ECB4-2AAF-C757-B2B10463170A} - C:\WINDOWS\ntlv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ipuc32.exe] C:\WINDOWS\ipuc32.exe
O4 - HKLM\..\Run: [ieak32.exe] C:\WINDOWS\system32\ieak32.exe
O4 - HKLM\..\Run: [syskm32.exe] C:\WINDOWS\system32\syskm32.exe
O4 - HKLM\..\Run: [ntoo.exe] C:\WINDOWS\ntoo.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [apiqh32.exe] C:\WINDOWS\apiqh32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://box1.clubbox.co.kr
O15 - Trusted Zone: www.clubbox.co.kr
O15 - Trusted Zone: http://*.clubbox.co.kr
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131558771343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP