Spyware removal / tried ad-aware and spybot

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

-AnDi-

Thread Starter
Joined
Jan 18, 2005
Messages
32
OK, I thought those would help because Spybot found 8 spywares and Ad-Aware found 366 critical objects.

However, there is still a problem. The background won't go away.

Also, I cannot right-click anywhere on the desktop, even the icons.

Anyway, I went to Display in Control Panel but I can't click anything under Background.

Here is what the background looks like:

http://e.domaindlx.com/kimchifreak/spyware.JPG

Also, I cannot use the right-click at all anywhere =(

Hijack Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:33:00 PM, on 3/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\Rhc.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kim\Application Data\eetu.exe
C:\WINDOWS\System32\?еxplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kim\My Documents\Andrew Kim\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2****ed.biz
O1 - Hosts: 127.0.0.3 sp2****ed.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B06D8251-6FED-4D1A-CFD0-44819AC65FC1} - C:\WINDOWS\System32\gkxb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Cjg] C:\WINDOWS\Ged.exe
O4 - HKLM\..\Run: [Fhc] C:\WINDOWS\Ttv.exe
O4 - HKLM\..\Run: [Vup] C:\WINDOWS\System32\Mpj.exe
O4 - HKLM\..\Run: [Qqu] C:\WINDOWS\System32\Qkj.exe
O4 - HKLM\..\Run: [Tna] C:\WINDOWS\System32\Duu.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Tgu.exe
O4 - HKLM\..\Run: [Ekv] C:\WINDOWS\System32\Lbf.exe
O4 - HKLM\..\Run: [Etu] C:\WINDOWS\Feh.exe
O4 - HKLM\..\Run: [Bti] C:\WINDOWS\Vhd.exe
O4 - HKLM\..\Run: [Vsi] C:\WINDOWS\Psk.exe
O4 - HKLM\..\Run: [Dnl] C:\WINDOWS\Jts.exe
O4 - HKLM\..\Run: [Cok] C:\WINDOWS\Bch.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kim\Application Data\eetu.exe
O4 - HKCU\..\Run: [Vfr] C:\WINDOWS\System32\?¬Oxplore.exe
O4 - HKCU\..\Run: [Cjg] C:\WINDOWS\Ged.exe
O4 - HKCU\..\Run: [Fhc] C:\WINDOWS\Ttv.exe
O4 - HKCU\..\Run: [Vup] C:\WINDOWS\System32\Mpj.exe
O4 - HKCU\..\Run: [Qqu] C:\WINDOWS\System32\Qkj.exe
O4 - HKCU\..\Run: [Tna] C:\WINDOWS\System32\Duu.exe
O4 - HKCU\..\Run: [Ace] C:\WINDOWS\Tgu.exe
O4 - HKCU\..\Run: [Ekv] C:\WINDOWS\System32\Lbf.exe
O4 - HKCU\..\Run: [Etu] C:\WINDOWS\Feh.exe
O4 - HKCU\..\Run: [Bti] C:\WINDOWS\Vhd.exe
O4 - HKCU\..\Run: [Vsi] C:\WINDOWS\Psk.exe
O4 - HKCU\..\Run: [Dnl] C:\WINDOWS\Jts.exe
O4 - HKCU\..\Run: [Cok] C:\WINDOWS\Bch.exe
O4 - Startup: Paint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {099501E5-E7D7-4B70-AEAB-E91E8F580AF0} (IntraMap2DSeoPortal Control) - http://gis.seoul.go.kr/ocx/IntraMap2DSeoPortal.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {5AA3139C-2579-407E-B74D-742D709C16CE} (DaumGameStarter Control) - http://211.172.252.226/Launcher/DaumGameStarter.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://crew.asiana.co.kr/initech/plugin/axINIplugin40.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.youfirst.co.kr/web/Common/download/SignKorea/SKCommAX.cab
O20 - AppInit_DLLs: hn5uv8ebtm6ooj.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
 
Joined
Sep 7, 2004
Messages
49,014
Go to Control Panel > Display.
Click on the "Desktop" tab then click the "Customize Desktop" button.
Click on the "Web" tab.
Under "Web Pages" you should see an entry checked called something like "Security" or similar.
Select that entry and click the "Delete" button. Click OK then Apply and OK.

Download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Download About:Buster from:
http://downloads.subratam.org/AboutBuster.zip
Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.

In Add/Remove Programs, remove all occurrences of Viewpoint.

Print this and boot to safe mode
Fix these with HJT

O2 - BHO: (no name) - {B06D8251-6FED-4D1A-CFD0-44819AC65FC1} - C:\WINDOWS\System32\gkxb.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Cjg] C:\WINDOWS\Ged.exe
O4 - HKLM\..\Run: [Fhc] C:\WINDOWS\Ttv.exe
O4 - HKLM\..\Run: [Vup] C:\WINDOWS\System32\Mpj.exe
O4 - HKLM\..\Run: [Qqu] C:\WINDOWS\System32\Qkj.exe
O4 - HKLM\..\Run: [Tna] C:\WINDOWS\System32\Duu.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Tgu.exe
O4 - HKLM\..\Run: [Ekv] C:\WINDOWS\System32\Lbf.exe
O4 - HKLM\..\Run: [Etu] C:\WINDOWS\Feh.exe
O4 - HKLM\..\Run: [Bti] C:\WINDOWS\Vhd.exe
O4 - HKLM\..\Run: [Vsi] C:\WINDOWS\Psk.exe
O4 - HKLM\..\Run: [Dnl] C:\WINDOWS\Jts.exe
O4 - HKLM\..\Run: [Cok] C:\WINDOWS\Bch.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKCU\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kim\Application Data\eetu.exe
O4 - HKCU\..\Run: [Vfr] C:\WINDOWS\System32\?¬Oxplore.exe
O4 - HKCU\..\Run: [Cjg] C:\WINDOWS\Ged.exe
O4 - HKCU\..\Run: [Fhc] C:\WINDOWS\Ttv.exe
O4 - HKCU\..\Run: [Vup] C:\WINDOWS\System32\Mpj.exe
O4 - HKCU\..\Run: [Qqu] C:\WINDOWS\System32\Qkj.exe
O4 - HKCU\..\Run: [Tna] C:\WINDOWS\System32\Duu.exe
O4 - HKCU\..\Run: [Ace] C:\WINDOWS\Tgu.exe
O4 - HKCU\..\Run: [Ekv] C:\WINDOWS\System32\Lbf.exe
O4 - HKCU\..\Run: [Etu] C:\WINDOWS\Feh.exe
O4 - HKCU\..\Run: [Bti] C:\WINDOWS\Vhd.exe
O4 - HKCU\..\Run: [Vsi] C:\WINDOWS\Psk.exe
O4 - HKCU\..\Run: [Dnl] C:\WINDOWS\Jts.exe
O4 - HKCU\..\Run: [Cok] C:\WINDOWS\Bch.exe
O4 - Startup: Paint.exe

O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

O20 - AppInit_DLLs: hn5uv8ebtm6ooj.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\WINDOWS\System32\gkxb.dll
C:\WINDOWS\Rhc.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\Ged.exe
C:\WINDOWS\Ttv.exe
C:\WINDOWS\System32\Mpj.exe
C:\WINDOWS\System32\Qkj.exe
C:\WINDOWS\System32\Duu.exe
C:\WINDOWS\Tgu.exe
C:\WINDOWS\System32\Lbf.exe
C:\WINDOWS\Feh.exe
C:\WINDOWS\Vhd.exe
C:\WINDOWS\Psk.exe
C:\WINDOWS\Jts.exe
C:\WINDOWS\Bch.exe
C:\WINDOWS\System32\ntddetect.exe
C:\Documents and Settings\Kim\Application Data\eetu.exe
C:\WINDOWS\System32\?¬Oxplore.exe
C:\WINDOWS\System32\Paint.exe
C:\WINDOWS\System32\hn5uv8ebtm6ooj.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
C:\WINDOWS\SYSTEM32\draw32.dll

START – RUN – key in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log
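
An added example, not part of the original thread and not the helper's own method: a small Python triage pass over a HijackThis log that surfaces the kinds of entries singled out in the fix list above. The heuristics and the `triage` function name are assumptions for illustration; the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKCU\..\Run: [Qpe] C:\WINDOWS\Rhc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kim\Application Data\eetu.exe
O15 - Trusted Zone: *.windupdates.com
O20 - AppInit_DLLs: hn5uv8ebtm6ooj.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# O4 autorun line: hive, value name in brackets, then the command.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")

def triage(log):
    """Return (reason, entry) pairs worth a manual look. Heuristics only (assumed)."""
    findings = []
    hives = defaultdict(set)  # (value name, command) -> hives it was seen in
    for line in (raw.strip() for raw in log.splitlines()):
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            hives[(name, cmd)].add(hive)
            if "\\application data\\" in cmd.lower():
                findings.append(("autorun from user profile data dir", line))
        elif line.startswith("O15 - Trusted"):
            findings.append(("site or IP added to Trusted Zone", line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            findings.append(("AppInit_DLLs value is set", line))
        elif line.startswith("O23 -") and (
            "Unknown owner" in line or "(file missing)" in line
        ):
            findings.append(("service with no vendor or missing file", line))
    # The same value name and command registered in both hives is unusual for
    # legitimate software and matches the pattern in the fix list above.
    for (name, cmd), seen in hives.items():
        if seen == {"HKLM", "HKCU"}:
            findings.append(("same autorun in HKLM and HKCU", f"[{name}] {cmd}"))
    return findings
```

A hit is a prompt to inspect the file and its origin, not a verdict; legitimate software can also trip these rules.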
 

-AnDi-

Thread Starter
Joined
Jan 18, 2005
Messages
32
"Select that entry and click the "Delete" button. Click OK then Apply and OK."

There is nothing there.

Also, I can't right-click anything on the computer, anything except Start button icons and stuff on the internet.
 