can't fix problem found on Spybot S&D

Discussion in 'Virus & Other Malware Removal' started by nawoo, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. nawoo

    nawoo Thread Starter

    Joined:
    Dec 1, 2004
    Messages:
    17
    Am using Windows XP SP2, IE version 6.0.2900.

    When I run Spybot I can fix selected problems except FunWebProducts, it just won't go away. I searched this site and found other posts about FWP, but I don't know how to do the Hijack thing and it looked very confusing.

    We have multiple users and it's always worse after the kids use it, probably from AIM?

    Any ideas how to get rid of the FunWebProducts?

    Thanks so much.
     
  2. Cadet

    Cadet

    Joined:
    Dec 22, 2004
    Messages:
    81
  3. jd_957

    jd_957 Banned

    Joined:
    Dec 30, 2004
    Messages:
    1,099
  4. tre01

    tre01

    Joined:
    Feb 3, 2005
    Messages:
    5
    It's easier just to reformat. I use Spybot all the time and to be honest it's a long process to get the sites out if they don't come out with Spybot. I find it a lot easier just to redo everything. A lot of people wouldn't agree but that's my way.
     
  5. nawoo

    nawoo Thread Starter

    Joined:
    Dec 1, 2004
    Messages:
    17
    Thank you to all of you - reformat? That's new to me. I tried running Spybot in safe mode and still could not get rid of the not-so-fun funwebproducts. Thanks to the NetworkWorldFusion link, my kids love smiley faces and cursor sites. I will run the hijack link you sent tomorrow - should I do that in safe mode? Not sure I know how to post results here, but will try.

    I did a Trend Micro scan tonight and found two trojans I hopefully deleted by following instructions on MajorGeeks support forum, then the instructions got over my head.

    Will check in tomorrow and thank you so very much!
     
  6. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    Forget anything about reformatting. I see no mention about Adaware; if you haven't got it, go here and download it http://www.majorgeeks.com/download506.html. Before running it, click to update it, then get rid of anything that it finds .....

    Posting a HijackThis log is very easy if you just sit down and follow the instructions, but see what Adaware does first .....

    Also check out this site http://www.funwebproducts.com/uninstall.html
     
  7. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Get the latest version of Adaware
    You can download the free version here:
    http://www.lavasoftusa.com/support/download/

    or here (alternate download location)
    http://www.majorgeeks.com/download506.html

    You need to be logged on as Administrator through the installation.
    For ease in installation and operation, view the tutorial here http://www.spyware911.net/adaware.htm

    Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

    On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner, or you can click on the Webupdate button that looks like a globe icon at the top. Press *connect* to let it check for any recent updates. If any are found, please let it download and install them.

    Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

    AAW SE settings

    General Button
    Safety:
    Check (Green) all three.

    Advanced Button
    Logfile Detail Level:
    All options under this should be checked (Green).

    Tweak Button
    Check (Green) the following:
    Log Files
    Include basic Ad-Aware settings in logfile:
    Include additional Ad-Aware settings in logfile:
    Please do not check (Green): Include Module list in logfile:

    On your first scan, use the Full Scan (Perform full system scan) mode.

    Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.
    ________________________
    Download Spybot - Search & Destroy, from here http://security.kolla.de/: if you haven't already got the program.
    For ease in installation and operation you can opt to view the tutorial here http://www.spyware911.net/spybots&d.htm

    Click on Settings, and Settings again. Go to the Webupdate section, and check Display also available beta versions.

    Now press Online, and search for, and put a check mark next to all updates, and install following the prompts.

    Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.
    ___________________________________________________________________
    Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

    Download HijackThis from:

    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

    Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

    Create a reply to this post here and right click in message area and select paste to paste the log into the post.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You do not need to know the HiJack thing and shouldn't try to fix anything unless you get instructions. Post the log here and we will guide you down the path to recovery - a format is WAY over the top!
     
  9. nawoo

    nawoo Thread Starter

    Joined:
    Dec 1, 2004
    Messages:
    17
    Ok, finally got the log done. I am so slow!

    Logfile of HijackThis v1.99.0
    Scan saved at 5:18:07 PM, on 2/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
    C:\Program Files\AIM\aim.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\DOCUME~1\NANCY~1.HOM\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    C:\DOCUME~1\NANCY~1.HOM\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0DEE6C2B-A72C-7668-5EB0-988267837523} - C:\WINDOWS\system32\gxhnolui.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5D073033-AFDB-8B52-6D43-ADD376B3A368} - C:\WINDOWS\system32\qxjuzsvn.dll
    O2 - BHO: (no name) - {8477618C-6836-08FE-3841-901B295B49F0} - C:\WINDOWS\system32\wywxdkfv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093722533523
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - http://www.advancedsearchbar.com/searchbarsetup2.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.escorcher.com/webone/supporter5.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rcec.webex.com/client/latest/support/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4425/mcfscan.cab
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks to all who posted and I'll check back to see what to do next!
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    While I work on the log, move HiJackThis.exe to a permanent location - Like C:\HJT
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    http://www.cexx.org/lspfix.htm

    Launch the application, and click the "I know what I'm doing" checkbox.

    Then click Finish.

    Run this http://www.newdotnet.com/removal.html

    Print this and boot to safe mode
    Fix these with HJT

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I

    O2 - BHO: (no name) - {0DEE6C2B-A72C-7668-5EB0-988267837523} - C:\WINDOWS\system32\gxhnolui.dll

    O2 - BHO: (no name) - {5D073033-AFDB-8B52-6D43-ADD376B3A368} - C:\WINDOWS\system32\qxjuzsvn.dll

    O2 - BHO: (no name) - {8477618C-6836-08FE-3841-901B295B49F0} - C:\WINDOWS\system32\wywxdkfv.dll

    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 <=== If you know this leave it otherwise delete it

    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

    O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - http://www.advancedsearchbar.com/searchbarsetup2.exe

    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.escorcher.com/webone/supporter5.exe

    O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe (file missing)

    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\system32\gxhnolui.dll
    C:\WINDOWS\system32\qxjuzsvn.dll
    C:\WINDOWS\system32\wywxdkfv.dll


    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
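
An added illustration, not part of any post in this thread: a small Python triage pass over HijackThis entry lines. The four heuristics are assumptions chosen to mirror the kinds of entries singled out in the fix list above; they are not HijackThis's own logic or the helper's stated method, and the function names are hypothetical.

```python
import re

# Constructed sample: eight entry lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DEE6C2B-A72C-7668-5EB0-988267837523} - C:\WINDOWS\system32\gxhnolui.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - http://www.advancedsearchbar.com/searchbarsetup2.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
SYSTEM32_DLL = re.compile(r"c:\\windows\\system32\\[^\\]+\.dll")
UNNAMED_EXE_DPF = re.compile(r"DPF: \{[0-9A-Fa-f-]+\} - \S+\.exe")


def parse(log):
    """Return (section, body) pairs for each HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def review_reason(section, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    if section == "O2":
        # Layout: "BHO: <name> - {CLSID} - <dll path>"
        name = body.partition(" - ")[0]
        dll = body.rpartition(" - ")[2].lower()
        if name == "BHO: (no name)" and SYSTEM32_DLL.fullmatch(dll):
            return "unnamed BHO loading a DLL directly from system32"
    elif section == "O10" and "LSP provider" in body and body.endswith("missing"):
        return "Winsock LSP chain references a missing DLL"
    elif section == "O16" and UNNAMED_EXE_DPF.fullmatch(body):
        return "ActiveX entry with no class name and an .exe codebase"
    elif section == "O23" and body.endswith("(file missing)"):
        return "service registered for an executable that is missing"
    return None


def flag(log):
    """Return (section, reason, body) for every entry that matched a heuristic."""
    hits = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason:
            hits.append((section, reason, body))
    return hits


if __name__ == "__main__":
    for section, reason, body in flag(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A match only marks an entry for review by someone who can read the log; the unnamed Spybot helper BHO in the sample shows why the path check matters.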
     
  12. nawoo

    nawoo Thread Starter

    Joined:
    Dec 1, 2004
    Messages:
    17
    I went to cexx.org and have no clue how to launch the application - help please?
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click on the LSPFix.exe link and it will DL the file, then run that exe
     
  14. nawoo

    nawoo Thread Starter

    Joined:
    Dec 1, 2004
    Messages:
    17
    Ok, all done. Thanks and let me know what to do next - tomorrow.

    I appreciate the help.
     
  15. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan and post a fresh log.
     

Short URL to this thread: https://techguy.org/326651
