October 13th, 2004 13:00

I need help I have a spyware adware problem I think......

Here is my HijackThis log..... Can someone please help me? I cannot even install Windows updates.
 
 
 
Logfile of HijackThis v1.98.2
Scan saved at 10:27:55 AM, on 10/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\New Folder\HijackThis.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\RunOnce: [RemoveTempFiles] C:\PROGRA~1\MUSICM~1\MUSICM~2\rundll32.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\mminstall.dll,_ExportRemDirAndContents@16 C:\WINDOWS\temp\mmjb_temp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=4e2fe0f01d3c952e6d384697f56ea291d476d6a5c3fb7feba963d66d2d60b787f8baff8b35c2c5cfc39ca44b4686764c90ad2d0ea95e2dc68c0c85897c6d99a421:1616f1ee1695779646f1667345607db7
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


October 13th, 2004 16:00

Getting the Essential tools to get rid of spyware and protecting your system (Mandatory:
everyone needs these tools)
The presence of bulk parasites can make it very difficult to detect critical symptoms of major
infections. We need to clear them out first. Please co-operate when asked to run Spybot. We have
to create a level playing field to work with.
Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its
TeaTimer option. This will provide real-time spyware & hijacker protection on your computer
alongside your virus protection. You should also scan your computer with the program on a regular
basis, just as you would with antivirus software.
A. Download Spybot Search and Destroy
Once downloaded, install it and choose the appropriate language. Before running a full system
scan it is crucial that you update Spybot’s database for additions of known threats; this
increases your chances of solving your problem. Once it has updated, run a full system scan and
fix anything in red.

B. Download Ad-aware SE Personal 1.03 and install it.
This is the only general-purpose parasite detector and cleaner that I can unconditionally
recommend to users of all levels. Not only is it a great program, it is also the safest of them
all. I have never known Ad-Aware to seriously damage a computer (except one time on a highly
compromised computer, and then the damage was easily reversible), and can’t say that about other
similar programs. NOTE: The latest version, Ad-Aware SE, no longer works with Windows 95.
Every one of you should download Ad-Aware, install it, update it, and run it now if you don’t
already have it. In my experience, it is always safe to let Ad-Aware remove anything it finds.
(On Windows 2000 or XP you will need to have administrator privileges to run it.)
Ad-Aware, like all similar software, at least has the potential of causing serious problems.
Though I have never encountered such problems, minor issues, such as loss of network or Internet
connectivity, have been reported by others. In the unlikely event that some such problem occurs
on your system, open the quarantine list and selectively restore quarantined items.
Tutorial using Ad-aware to remove Spyware & Hijackers from Your Computer.
 
HijackThis is an advanced tool that needs to be run ONLY if the experts at the sites listed below ask you to run it and you have run all the essential programs listed above.
Site 2 Kill Spyware
Hijackthis removal forum at Kill Spyware Forums
http://forums.subratam.org/index.php?showforum=7
Tools needed to get help http://forums.subratam.org/index.php?showtopic=7
Forum Led by: Forum Moderators, subratam, baskar1234 (DELL REGULAR), efwis, Metallica, psyne, SpyDie,
normmork, Admin, chrisRLG (DELL REGULAR)

Site 3. Bleeping Computers
Hijackthis removal forum at Bleeping Computers
http://www.bleepingcomputer.com/forums/forum22.html
Tutorials at Bleeping computers
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/tutorial42.html

Forum Led by: Moderators, Global Moderator, groovicus, Grinler (DELL REGULAR), harrywaldron, Papakid,


October 13th, 2004 18:00

Hello Greg or Tammy and welcome to DCF.

Open Control Panel then Add/Remove Programs. Look for the following and uninstall them if found:

Webrebates
Viewpoint Media Player <-- Optional, see Kephyr.com info
SyncroAd
WindUpdates

Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they
still show:

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=4e2fe0f01d3c952e6d384697f56ea291d476d6a5c3fb7feba963d66d2d60b787f8baff8b35c2c5cfc39ca44b4686764c90ad2d0ea95e2dc68c0c85897c6d99a421:1616f1ee1695779646f1667345607db7

If removing Viewpoint Media Player, also check this line if it still shows:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.

Reboot into Safe Mode and enable viewing of Hidden and System files. Open Windows Explorer (Windows key+e), drill down
and delete the following files and folders if found:

C:\WINDOWS\System32\msbe.dll <--File
C:\Program Files\Windows SyncroAd <--Folder
C:\Program Files\Web_Rebates <--Folder
C:\Program Files\Viewpoint <--Folder Only if removing Viewpoint Media Player

Reboot and post a new HJT log.
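
As an added example (not part of the original thread), this Python code performs the "if they still show" check from the reply above: it parses HijackThis entry lines, re-joins an entry that wrapped across lines, and reports which fix-list entries are still present in a new scan. The RESCAN text is constructed sample data, the function names are illustrative, and the input is assumed to contain only log lines (any other text after an entry would be joined to it).

```python
import re

# A HijackThis entry starts with a section code, e.g. "O2 - " or "O16 - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return [(code, body)]. A non-blank line without a section code that
    follows an entry is taken as that entry's wrapped tail and re-joined."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            entries[-1][1] += line
    return [(code, body) for code, body in entries]

def key(entry):
    # Windows paths and registry names are case-insensitive; spacing varies.
    code, body = entry
    return code, " ".join(body.split()).lower()

def still_showing(fix_list, rescan):
    """Entries from the helper's fix list that are still in the new scan."""
    seen = {key(e) for e in parse_entries(rescan)}
    return [e for e in parse_entries(fix_list) if key(e) in seen]

# Fix list taken from the reply above, with the O16 entry wrapped over three lines.
FIX_LIST = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=
4e2fe0f01d3c952e6d384697f56ea291d476d6a5c3fb7feba963d66d2d60b787f8baff8b35c2c5cfc39ca44b4686764
c90ad2d0ea95e2dc68c0c85897c6d99a421:1616f1ee1695779646f1667345607db7
"""

# Constructed follow-up scan: two flagged entries remain (one with different path case).
RESCAN = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
"""

if __name__ == "__main__":
    for code, body in still_showing(FIX_LIST, RESCAN):
        print(f"still present: {code} - {body}")
```

A match only means the entry is still present in the new scan; which entries belong on the fix list remains the helper's judgement.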