
Desperate

Discussion in 'Virus & Other Malware Removal' started by Mr_Dutch, Apr 21, 2004.

Thread Status:
Not open for further replies.
  1. Mr_Dutch

    Mr_Dutch Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    Somehow I have picked up some spyware, and my computer is very slow and all those funny sites keep coming up.
    I have tried Ad-Aware, Spybot, NOD and pretty much all of them, but nothing helps, so I would be very happy if someone could look at my HijackThis log.

    Best regards Mr_Dutch

    Logfile of HijackThis v1.97.7
    Scan saved at 23:07:55, on 2004-04-21
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\Eset\nod32kui.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program\SpywareGuard\sgmain.exe
    C:\Program\SpywareGuard\sgbhp.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe
    C:\Program\Outlook Express\msimn.exe
    C:\Program\Messenger\msmsgs.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BetOrganizer] C:\Documents and Settings\Ägaren\Skrivbord\BetOrganizer_installation.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\Netscape\Netscape\Netscp.exe" -turbo
    O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
    O4 - Global Startup: GhostSurf.lnk = C:\Program\GhostSurf\GhostSurf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.se/c2i
    O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install/win/iemv.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1829249afde1c024b118/netzip/RdxIE601.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8689C2B-99B8-4288-A6B9-00B4AF35984E}: NameServer = 212.181.54.2,212.181.54.3
    O19 - User stylesheet: C:\WINDOWS\win32.bmp
     
  2. Mr_Dutch

    Mr_Dutch Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    I am a real sucker when it's about computers and really could use some help. Pls check my log, anybody?
     
  3. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Download CWShredder.exe. Close all windows, including browser. Launch CWShredder and click the Fix button (not Scan). Let it do its thing.

    Reboot your computer. Run and post a new HJT scan.
     
  4. Mr_Dutch

    Mr_Dutch Thread Starter

    Joined:
    Apr 21, 2004
    Messages:
    3
    OK, thx raybro, here it is:

    Logfile of HijackThis v1.97.7
    Scan saved at 01:22:45, on 2004-04-22
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program\VERITAS Software\Update Manager\sgtray.exe
    C:\Program\Delade filer\Symantec Shared\ccApp.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\WINDOWS\win32.exe
    C:\Program\Eset\nod32kui.exe
    C:\Program\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program\SpywareGuard\sgmain.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program\SpywareGuard\sgbhp.exe
    C:\Program\Messenger\msmsgs.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BetOrganizer] C:\Documents and Settings\Ägaren\Skrivbord\BetOrganizer_installation.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\Netscape\Netscape\Netscp.exe" -turbo
    O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
    O4 - Global Startup: GhostSurf.lnk = C:\Program\GhostSurf\GhostSurf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.se/c2i
    O16 - DPF: FreedomAudio - http://www.freedomaudio.com/install/win/iemv.cab
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1829249afde1c024b118/netzip/RdxIE601.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8689C2B-99B8-4288-A6B9-00B4AF35984E}: NameServer = 212.181.54.2,212.181.54.3
    O19 - User stylesheet: C:\WINDOWS\win32.bmp
     
  5. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Run a new HJT scan and put a check beside the following objects in the list.

    O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1829249...ip/RdxIE601.cab

    O19 - User stylesheet: C:\WINDOWS\win32.bmp


    Close all application windows except HJT. Close all browser windows, including this one. Click the Fix Checked button.

    Restart your computer.

    Go here to do an online virus scan with HouseCalls:


    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    Restart your computer. Run and post a new HJT scan.

    Any improvement?
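
A way to check what a cleanup step actually changed between two HijackThis scans like the ones posted above, as an added example that is not part of the original thread: it parses the log format, diffs the two scans, and reports which of the entries selected for fixing are still present. The function names are hypothetical, and the sample logs are shortened excerpts of the two scans in this thread.

```python
import re

# Item lines are "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ITEM_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_items(log_text):
    """Return the set of (code, detail) entries in a HijackThis log."""
    return {m.groups() for m in map(ITEM_RE.match, log_text.splitlines()) if m}

def parse_processes(log_text):
    """Return running-process paths, lower-cased (Windows paths ignore case)."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if s == "Running processes:":
            in_block = True
        elif in_block and (ITEM_RE.match(line) or (not s and procs)):
            break  # blank line or first item line ends the process list
        elif in_block and s:
            procs.add(s.lower())
    return procs

def compare_scans(before, after, flagged):
    """Diff two scans; report which flagged entries survived the cleanup."""
    b, a = parse_items(before), parse_items(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "still_present": [f for f in flagged if f in a],
        "new_processes": sorted(parse_processes(after) - parse_processes(before)),
    }

# Shortened excerpts of the two scans posted in this thread.
ENTRIES = r"""
O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe /WAITSERVICE
O19 - User stylesheet: C:\WINDOWS\win32.bmp
"""
SCAN_BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\Eset\nod32kui.exe
""" + ENTRIES
SCAN_AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\win32.exe
C:\Program\Eset\nod32kui.exe
""" + ENTRIES
FLAGGED = [("O4", r"HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe"),
           ("O19", r"User stylesheet: C:\WINDOWS\win32.bmp")]
print(compare_scans(SCAN_BEFORE, SCAN_AFTER, FLAGGED))
```

An empty "removed" list together with a non-empty "still_present" list means the cleanup step did not touch the flagged entries, which is the situation between the first and second scan here.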
     
Short URL to this thread: https://techguy.org/222682
