You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
I get this error, sometimes alot of times.
- Thread starter BlackPHat
- Start date
- Status
- Not open for further replies.
What should i do.kk
Logfile of HijackThis v1.99.1
Scan saved at 2:03:00 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\a06ac0e4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SEMBLY~1\userinit.exe
C:\DOCUME~1\Danny\MYDOCU~1\PPPATC~1\TTRIB~1.EXE
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.runescape.com/lang/en/aff/runescape/worldmap/popupworldmap.ws
R3 - URLSearchHook: (no name) - {09AAC085-523B-75B2-448F-25275AF2BABD} - C:\WINDOWS\system32\tbpyabu.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\edonkeyserver-2005.exe
F1 - win.ini: run=C:\windows\system32\edonkeyserver-2005.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09AAC085-523B-75B2-448F-25275AF2BABD} - C:\WINDOWS\system32\tbpyabu.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g27399968.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\g7724421.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: C:\WINDOWS\system32\clbcatix.dll - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - C:\WINDOWS\system32\clbcatix.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PRJMUSKEYLOG] C:\Documents and Settings\Owner_2\Desktop\MUSCKEY\PRJMUSKEYLOG.exe
O4 - HKLM\..\Run: [Project1] C:\Documents and Settings\Owner_2\Desktop\MUSCKEY\Project1.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [a06ac0e4.exe] C:\WINDOWS\system32\a06ac0e4.exe
O4 - HKLM\..\RunServices: [GLSetIT32] C:\windows\system32\edonkeyserver-2005.exe
O4 - HKCU\..\Run: [a06ac0e4.exe] C:\Documents and Settings\Danny\Local Settings\Application Data\a06ac0e4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ealb] "C:\PROGRA~1\SEMBLY~1\userinit.exe" -vt yax
O4 - HKCU\..\Run: [Xmrbuqyk] C:\DOCUME~1\Danny\MYDOCU~1\PPPATC~1\TTRIB~1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sfklg.dll C:\WINDOWS\system32\smss.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g17914906.dll
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
hmmm warez isnt online so im gonna post his guide for you..
WarezMonsters 4 Step Spyware Removal Guide
Follow these instructions carefully and do what is said. If you canÂ’t perform a step, then skip it, an example would be if you canÂ’t get into safemode to scan your system, skip it and move on to the next. Please be precise in what your problem is. The more information I have the better I can help. Please name the Trojan, virus, Spyware you have and the affects it is having on your computer. An example would be your desktop has changed and you canÂ’t change it or a program is asking you to scan your system and then once you let it scan it asks you to buy it so it can remove the problems. If you happen to view this guide before posting, please tell us that you already performed these steps so I donÂ’t waste time in posting this guide up for you. If you have dial-up, I suggest you download these programs on another computer and then transfer them to the infected computer. Please be active with your posts meaning donÂ’t come here and state your issues, then have someone help you out but then you come back 2 weeks later. These issues need to be addressed ASAP. When posting your log, donÂ’t attach your log as a text document, copy and paste it to the forum. If you donÂ’t know what you are doing, (I know you are just try to help) then please refrain from telling someone what to delete using Hijackthis as it can cause a system crash or other irreversible affects. Thanks for your cooperation.
1.) Download ALL 10 programs and update ASAP if needed.
Ad Aware SE Personal Free
Ad-aware Messenger Service Plugin
Ad-Aware VX2 Cleaner Plugin
Spybot Search and Destroy Free
HijackThis
Make sure you put Hijackthis! In the root of your drive (C:\HJT)
Ewido
CCleaner
Cleanup!
CWShredder
Msconfig Cleanup
2.) Update your System completely and remove offending programs
Make sure your system is completely updated with all of MicrosoftÂ’s Updates including SP2 This service pack fixes a lot of Spyware issues, exploits, etc. NOTE: If your system is severely infected DO NOT INSTALL SP2 DOING SO CAN/WILL RENDER YOUR SYSTEM USELESS AND WILL BE TO BE REINSTALLED. Read this as to why not to install SP2 on an infected machine
Please visit at least 2 of these free online virus scanners
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
Next go to Add/Remove Programs and uninstall any offending programs, here are some below: Note: If you have more than one antivirus installed, please remove one. If during the uninstall process you receive an access denied, just move on to the next one. You may be asked to visit the offending programs website to receive an uninstaller, do not do so, just ignore it, close it, and move on.
If you are no sure about a specific program, look below. All programs in this site are offending and needs to be removed ASAP, even if you paid for it.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
Internet Optimizer
ISTbar
ISTSvc
MaxiFiles
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
Morpheus Toolbar
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
SurfSideKick
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows AdStatus
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update
Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent
3.) MSCONFIG Entries removal
Next step is to open MSCONFIG. Go to start, run, type Msconfig, press ok, go to the startup tab, then click disable all. Now re-check your antivirus, firewall or any other program that you absolutely need to be started up each and every time windows is restarted. Now rechecking these entries right now will result in deleted entries of your programs in the next step. Then you will need to reinstall that program. Then click apply, ok, but donÂ’t reboot yet. NOTE: when you reboot, you will see the System Configuration Utility dialog box appear. Just put a checkmark in the box and press ok. NOTE: If you can not open MSCONFIG, TASK MANAGER OR REGEDIT, just move to the next step or download it to your desktop below and then perform the task:
Download MSCONFIG, REGEDIT, and TASK MANAGER to your desktop
Next run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked. If you delete your antivirus and firewall entries, you will need to reinstall them so be sure to check them and donÂ’t reboot.
4.) ItÂ’s time to scan your system
Start off with any Spyware program. Make sure you update it. Make sure all IE, FF, Opera windows are closed. The only program(s) that need to be running are the Spyware scanners and your antivirus. Please do not quarantine anything. Please delete everything.
For Lavasoft Adaware SE 1.6, configure it by following these steps:
Open Adaware, click on Scan Now
Then click on Use Custom Scanning Options, and then click Customize
Click on Scan within archives
Click on Advanced, then click on Move deleted files to the recycle bin
Then click on Tweak, and select Scanning Engine, then select Run Scan as a background process for low CPU usage.
Click on Tweak and choose Write protect system files after repair
Then click on Proceed and select Search for low risk threats
Click next and let it scan.
Make sure you remove every thing is finds. You may need to run this program more than once depending on how bad you are infected.
For Ad-aware Messenger Service Plugin, just install it. It may as you to reboot, donÂ’t reboot yet. You will run Adaware SE 1.6 again after you reboot. This program is a plug-in for Adaware SE along with the VX2 Cleaner.
For Spybot Search and Destroy 1.4, configure it by following these steps:
Open Spybot, make sure it is updated.
Click on Mode, then select Advanced Mode, select yes at the prompt.
Click on Settings, then scroll down the list to uncheck Create Backup Copies, there are 3 that need to be unchecked.
Then click on Tools and select Resident. Make sure Tea Timer is selected and not Ad-watch.
Then select IE Tweaks and make sure under Miscellaneous Locks that all 3 boxes are checked.
Then scan your system.
Make sure you remove every thing is finds. You may need to run this program more than once depending on how bad you are infected.
For Ewido 4.0, configure it by following these steps:
Open Ewido and make sure it is updated
Click on Scanner, then settings and put a check mark in Scan every file under What to Scan.
Ewido may find items like VNC, RadMin, or any other Remote Control Tools; if you know that those programs are legit, click on ignore and put a checkmark in the box to always perform this option for these types of programs. If it not legit, select remove.
Ewido will take a while to scan your system so be patient as this whole process can take about 15 to 30 minutes depending on the speed of your computer.
Ewido is not free and the updates will expire in 15 days. That means after 15 days you will no longer be able to update the program but you can still use it fully functional after the 15 days. On systems with 512mb memory or less, I would recommend not have it in your taskbar as it will slow your computer down.
For CCleaner, configure it by following these steps:
Open CCleaner
Click on Cleaner and make sure all the boxes are check, select yes to the prompts
Then click Run Cleaner. Put a check mark in the box then scan your system. This may take several passes to complete
After the scan complete, click on the Applications tab and click on Run Cleaner
Then click on Issues, and then click on Scan for Issues
Select yes or no if you want to have your registry backed up.
Then click on Fix Selected Issues.
For Cleanup! Just run it. If you want to run a full system scan, click on Options and select everything you want it to clean. Selecting everything will delete all your favorites so make sure that is what you want.
Then let it scan your system. When it asks you to log off, select no.
For CWShredder, just run it. It will close any IE windows you have open.
For Hijackthis!
1.Open up the Hijackthis Program
2.Click on SCAN at the bottom.
3.Once it's finished click on Save Log and save it as a .txt file. DO NOT FIX ANYTHING!!
4.Paste the log onto the forum. Do not attach it.
5.Always start a new thread. DonÂ’t add on to someone elseÂ’s thread but reply to your own thread, donÂ’t start a new one.
6.We are not here 24/7 so we will look at your issues ASAP, please donÂ’t bump it. We see that it has not been addressed yet.
WarezMonsters 4 Step Spyware Removal Guide
Follow these instructions carefully and do what is said. If you canÂ’t perform a step, then skip it, an example would be if you canÂ’t get into safemode to scan your system, skip it and move on to the next. Please be precise in what your problem is. The more information I have the better I can help. Please name the Trojan, virus, Spyware you have and the affects it is having on your computer. An example would be your desktop has changed and you canÂ’t change it or a program is asking you to scan your system and then once you let it scan it asks you to buy it so it can remove the problems. If you happen to view this guide before posting, please tell us that you already performed these steps so I donÂ’t waste time in posting this guide up for you. If you have dial-up, I suggest you download these programs on another computer and then transfer them to the infected computer. Please be active with your posts meaning donÂ’t come here and state your issues, then have someone help you out but then you come back 2 weeks later. These issues need to be addressed ASAP. When posting your log, donÂ’t attach your log as a text document, copy and paste it to the forum. If you donÂ’t know what you are doing, (I know you are just try to help) then please refrain from telling someone what to delete using Hijackthis as it can cause a system crash or other irreversible affects. Thanks for your cooperation.
1.) Download ALL 10 programs and update ASAP if needed.
Ad Aware SE Personal Free
Ad-aware Messenger Service Plugin
Ad-Aware VX2 Cleaner Plugin
Spybot Search and Destroy Free
HijackThis
Make sure you put Hijackthis! In the root of your drive (C:\HJT)
Ewido
CCleaner
Cleanup!
CWShredder
Msconfig Cleanup
2.) Update your System completely and remove offending programs
Make sure your system is completely updated with all of MicrosoftÂ’s Updates including SP2 This service pack fixes a lot of Spyware issues, exploits, etc. NOTE: If your system is severely infected DO NOT INSTALL SP2 DOING SO CAN/WILL RENDER YOUR SYSTEM USELESS AND WILL BE TO BE REINSTALLED. Read this as to why not to install SP2 on an infected machine
Please visit at least 2 of these free online virus scanners
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
Next go to Add/Remove Programs and uninstall any offending programs, here are some below: Note: If you have more than one antivirus installed, please remove one. If during the uninstall process you receive an access denied, just move on to the next one. You may be asked to visit the offending programs website to receive an uninstaller, do not do so, just ignore it, close it, and move on.
If you are no sure about a specific program, look below. All programs in this site are offending and needs to be removed ASAP, even if you paid for it.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
Internet Optimizer
ISTbar
ISTSvc
MaxiFiles
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
Morpheus Toolbar
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
SurfSideKick
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows AdStatus
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update
Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent
3.) MSCONFIG Entries removal
Next step is to open MSCONFIG. Go to start, run, type Msconfig, press ok, go to the startup tab, then click disable all. Now re-check your antivirus, firewall or any other program that you absolutely need to be started up each and every time windows is restarted. Now rechecking these entries right now will result in deleted entries of your programs in the next step. Then you will need to reinstall that program. Then click apply, ok, but donÂ’t reboot yet. NOTE: when you reboot, you will see the System Configuration Utility dialog box appear. Just put a checkmark in the box and press ok. NOTE: If you can not open MSCONFIG, TASK MANAGER OR REGEDIT, just move to the next step or download it to your desktop below and then perform the task:
Download MSCONFIG, REGEDIT, and TASK MANAGER to your desktop
Next run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked. If you delete your antivirus and firewall entries, you will need to reinstall them so be sure to check them and donÂ’t reboot.
4.) ItÂ’s time to scan your system
Start off with any Spyware program. Make sure you update it. Make sure all IE, FF, Opera windows are closed. The only program(s) that need to be running are the Spyware scanners and your antivirus. Please do not quarantine anything. Please delete everything.
For Lavasoft Adaware SE 1.6, configure it by following these steps:
Open Adaware, click on Scan Now
Then click on Use Custom Scanning Options, and then click Customize
Click on Scan within archives
Click on Advanced, then click on Move deleted files to the recycle bin
Then click on Tweak, and select Scanning Engine, then select Run Scan as a background process for low CPU usage.
Click on Tweak and choose Write protect system files after repair
Then click on Proceed and select Search for low risk threats
Click next and let it scan.
Make sure you remove every thing is finds. You may need to run this program more than once depending on how bad you are infected.
For Ad-aware Messenger Service Plugin, just install it. It may as you to reboot, donÂ’t reboot yet. You will run Adaware SE 1.6 again after you reboot. This program is a plug-in for Adaware SE along with the VX2 Cleaner.
For Spybot Search and Destroy 1.4, configure it by following these steps:
Open Spybot, make sure it is updated.
Click on Mode, then select Advanced Mode, select yes at the prompt.
Click on Settings, then scroll down the list to uncheck Create Backup Copies, there are 3 that need to be unchecked.
Then click on Tools and select Resident. Make sure Tea Timer is selected and not Ad-watch.
Then select IE Tweaks and make sure under Miscellaneous Locks that all 3 boxes are checked.
Then scan your system.
Make sure you remove every thing is finds. You may need to run this program more than once depending on how bad you are infected.
For Ewido 4.0, configure it by following these steps:
Open Ewido and make sure it is updated
Click on Scanner, then settings and put a check mark in Scan every file under What to Scan.
Ewido may find items like VNC, RadMin, or any other Remote Control Tools; if you know that those programs are legit, click on ignore and put a checkmark in the box to always perform this option for these types of programs. If it not legit, select remove.
Ewido will take a while to scan your system so be patient as this whole process can take about 15 to 30 minutes depending on the speed of your computer.
Ewido is not free and the updates will expire in 15 days. That means after 15 days you will no longer be able to update the program but you can still use it fully functional after the 15 days. On systems with 512mb memory or less, I would recommend not have it in your taskbar as it will slow your computer down.
For CCleaner, configure it by following these steps:
Open CCleaner
Click on Cleaner and make sure all the boxes are check, select yes to the prompts
Then click Run Cleaner. Put a check mark in the box then scan your system. This may take several passes to complete
After the scan complete, click on the Applications tab and click on Run Cleaner
Then click on Issues, and then click on Scan for Issues
Select yes or no if you want to have your registry backed up.
Then click on Fix Selected Issues.
For Cleanup! Just run it. If you want to run a full system scan, click on Options and select everything you want it to clean. Selecting everything will delete all your favorites so make sure that is what you want.
Then let it scan your system. When it asks you to log off, select no.
For CWShredder, just run it. It will close any IE windows you have open.
For Hijackthis!
1.Open up the Hijackthis Program
2.Click on SCAN at the bottom.
3.Once it's finished click on Save Log and save it as a .txt file. DO NOT FIX ANYTHING!!
4.Paste the log onto the forum. Do not attach it.
5.Always start a new thread. DonÂ’t add on to someone elseÂ’s thread but reply to your own thread, donÂ’t start a new one.
6.We are not here 24/7 so we will look at your issues ASAP, please donÂ’t bump it. We see that it has not been addressed yet.
killians45
Fully Optimized
- Messages
- 3,243
omg i went to -http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Scan Results: 41603 files scanned. 86 viruses were detected.
Scan Results: 41603 files scanned. 86 viruses were detected.
File Infection Status Path
a06ac0e4.exe Win32/Beenut!generic infected C:\Documents and Settings\Danny\Local Settings\Application Data\
!update.exe Win32/Clspring.EU infected C:\Documents and Settings\Danny\Local Settings\Temp\
temp.frB537 Win32/Clspring.EZ infected C:\Documents and Settings\Danny\Local Settings\Temp\
bgates[1].exe Win32/DlStwoyle!generic infected C:\Documents and Settings\Danny\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\
srvflo[1].exe Win32/SillyDl.AGC infected C:\Documents and Settings\Danny\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\
srvyqs[1].exe Win32/SillyDl.AGC infected C:\Documents and Settings\Danny\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\
rdgUS2404.exe Win32/SillyDl.PW infected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
rdgUS2404.exe Win32/SillyDl.PW infected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
rdgUS2404.exe Win32/SillyDl.PW infected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\
rdgUS2404.exe Win32/SillyDl.PW infected C:\WINDOWS\Downloaded Program Files\
g10595734.dll Win32/Stwoyle.T infected C:\WINDOWS\
g11434546.dll Win32/Stwoyle.U infected C:\WINDOWS\
g11456343.dll Win32/Stwoyle.U infected C:\WINDOWS\
g1233656.dll Win32/Stwoyle.U infected C:\WINDOWS\
g1237796.dll Win32/Stwoyle.T infected C:\WINDOWS\
g13117078.dll Win32/Stwoyle.T infected C:\WINDOWS\
g13951984.dll Win32/Stwoyle.U infected C:\WINDOWS\
g14076156.dll Win32/Stwoyle.U infected C:\WINDOWS\
g1474265.dll Win32/Stwoyle.T infected C:\WINDOWS\
g15155218.dll Win32/Stwoyle.T infected C:\WINDOWS\
g15275937.dll Win32/Stwoyle.U infected C:\WINDOWS\
g16235484.dll Win32/Stwoyle.U infected C:\WINDOWS\
g16598531.dll Win32/Stwoyle.T infected C:\WINDOWS\
g1714796.dll Win32/Stwoyle.T infected C:\WINDOWS\
g17697468.dll Win32/Stwoyle.U infected C:\WINDOWS\
g17914906.dll Win32/Stwoyle.U infected C:\WINDOWS\
g19717500.dll Win32/Stwoyle.T infected C:\WINDOWS\
g20433062.dll Win32/Stwoyle.U infected C:\WINDOWS\
g20679234.dll Win32/Stwoyle.T infected C:\WINDOWS\
g21549000.dll Win32/Stwoyle.U infected C:\WINDOWS\
g21636531.dll Win32/Stwoyle.U infected C:\WINDOWS\
g22356843.dll Win32/Stwoyle.U infected C:\WINDOWS\
g22717046.dll Win32/Stwoyle.T infected C:\WINDOWS\
g23079656.dll Win32/Stwoyle.U infected C:\WINDOWS\
g2443109.dll Win32/Stwoyle.T infected C:\WINDOWS\
g27033515.dll Win32/Stwoyle.T infected C:\WINDOWS\
g27159687.dll Win32/Stwoyle.T infected C:\WINDOWS\
g28117546.dll Win32/Stwoyle.T infected C:\WINDOWS\
g28153515.dll Win32/Stwoyle.T infected C:\WINDOWS\
g28718484.dll Win32/Stwoyle.U infected C:\WINDOWS\
g29317531.dll Win32/Stwoyle.U infected C:\WINDOWS\
g29560140.dll Win32/Stwoyle.T infected C:\WINDOWS\
g33521406.dll Win32/Stwoyle.T infected C:\WINDOWS\
g35199078.dll Win32/Stwoyle.U infected C:\WINDOWS\
g394921.dll Win32/Stwoyle.T infected C:\WINDOWS\
g39882843.dll Win32/Stwoyle.U infected C:\WINDOWS\
g40975312.dll Win32/Stwoyle.T infected C:\WINDOWS\
g41679781.dll Win32/Stwoyle.T infected C:\WINDOWS\
g4234359.dll Win32/Stwoyle.U infected C:\WINDOWS\
g46482578.dll Win32/Stwoyle.U infected C:\WINDOWS\
g48044734.dll Win32/Stwoyle.T infected C:\WINDOWS\
g4954062.dll Win32/Stwoyle.U infected C:\WINDOWS\
g4959406.dll Win32/Stwoyle.U infected C:\WINDOWS\
g5196812.dll Win32/Stwoyle.U infected C:\WINDOWS\
g52963562.dll Win32/Stwoyle.U infected C:\WINDOWS\
g59443890.dll Win32/Stwoyle.U infected C:\WINDOWS\
g6876687.dll Win32/Stwoyle.U infected C:\WINDOWS\
g71205406.dll Win32/Stwoyle.T infected C:\WINDOWS\
g7351187.dll Win32/Stwoyle.T infected C:\WINDOWS\
g7354875.dll Win32/Stwoyle.U infected C:\WINDOWS\
g7475296.dll Win32/Stwoyle.T infected C:\WINDOWS\
g750671.dll Win32/Stwoyle.T infected C:\WINDOWS\
g7718125.dll Win32/Stwoyle.U infected C:\WINDOWS\
g8074968.dll Win32/Stwoyle.T infected C:\WINDOWS\
g9754093.dll Win32/Stwoyle.T infected C:\WINDOWS\
a06ac0e4.exe Win32/Beenut!generic infected C:\WINDOWS\system32\
clbcatix.dll Win32/Stwoyle.E infected C:\WINDOWS\system32\
isnotify.exe Win32/Moiling.CV infected C:\WINDOWS\system32\
issearch.exe Win32/Puper.FS infected C:\WINDOWS\system32\
ixt0.dll Win32/Puper.FS infected C:\WINDOWS\system32\
oins.exe Win32/Clspring!generic infected C:\WINDOWS\system32\
smss.dll Win32/Clspring.EZ infected C:\WINDOWS\system32\
tbpyabu.dll Win32/Clspring!generic infected C:\WINDOWS\system32\
winexz32.dll Win32/Nebuler.H infected C:\WINDOWS\system32\
h91746.exe Win32/Beenut!generic infected C:\WINDOWS\Temp\
win53A.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win55.tmp.exe Win32/SilentCaller.Z infected C:\WINDOWS\Temp\
win553.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win5C7.tmp Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win5C7.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win5E4.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win7B.tmp Win32/DlStwoyle!generic infected C:\WINDOWS\Temp\
win7B.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
win85.tmp.exe Win32/SilentCaller.Z infected C:\WINDOWS\Temp\
win90.tmp.exe Win32/SillyDl.AGC infected C:\WINDOWS\Temp\
YAXUninst.exe Win32/Clspring.EN infected C:\WINDOWS\
- Status
- Not open for further replies.
Similar threads
- Replies
- 10
- Views
- 2K
- Replies
- 16
- Views
- 2K
- Replies
- 2
- Views
- 835
