
topantispyware taskbar icon and desktop

#1 jbsmee (New Member, 2 posts)

I just recently freshly reinstalled WinXP SP1 and have already been infected with spyware. I've tried everything listed in the "You Must Read This Before Posting A Hijackthis Log" post but to no avail. Please help.


Logfile of HijackThis v1.99.1
Scan saved at 11:55:13 AM, on 2/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\0025 - Stardock\Object Desktop\WindowBlinds\wbload.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\stardock\TrayServer.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\0009 - Itunes\iTunesHelper.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\0025 - Stardock\DesktopX\DesktopX.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\0023 - Adobe\Adobe Reader\Reader\reader_sl.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\New PC - Program Files\0025 - Window Blinds\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\0023 - Adobe\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "E:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\0009 - Itunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\0025 - Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DesktopX] "E:\Program Files\0025 - Stardock\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [CursorXP] "E:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Stardock ObjectBar.lnk = E:\Program Files\0025 - Stardock\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\0023 - Adobe\Adobe Reader\Reader\reader_sl.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108896423593
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera.primor...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\0025-S~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
#2 jbsmee (Topic Starter, New Member, 2 posts)

Hmmm... I went into safe mode and deleted E:\WINDOWS\system32\spoolsv.exe, rebooted, and now topantispyware is gone. I'm planning to install SP2 soon but read that it's unwise to install it if trojans/viruses/spyware are on the PC. Here is my updated HijackThis log. Is it safe to install SP2?

Logfile of HijackThis v1.99.1
Scan saved at 12:32:49 PM, on 2/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
E:\Program Files\0025 - Stardock\Object Desktop\WindowBlinds\wbload.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Common Files\stardock\TrayServer.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\0009 - Itunes\iTunesHelper.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\0025 - Stardock\DesktopX\DesktopX.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\system32\notepad.exe
C:\New PC - Program Files\0025 - Window Blinds\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\0023 - Adobe\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "E:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\0009 - Itunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\0025 - Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DesktopX] "E:\Program Files\0025 - Stardock\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [CursorXP] "E:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Startup: Stardock ObjectBar.lnk = E:\Program Files\0025 - Stardock\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\0023 - Adobe\Adobe Reader\Reader\reader_sl.exe
O4 - Global Startup: RAID Manager.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108896423593
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera.primor...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: MCPClient - E:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\0025-S~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - E:\WINDOWS\system32\spoolsv.exe (file missing)