
Adware and Spyware problems

Discussion in 'Security and Privacy' started by mstakenforstars, 2004/08/21.

Thread Status:
Not open for further replies.
  1. 2004/08/21
    mstakenforstars

    I'm so confused. I have 2 pop-up blockers and Ad-aware and Norton, and I keep getting spyware. I used HijackThis, but deleted it because I had no idea how to use it. Then I went through hundreds of files manually to delete spyware, but I accidentally deleted things I needed. I have P-Gate basic but don't know how to remove it. I really don't know anything about computers, but here is my HijackThis log. Could someone please help? Thanks a million!

    Logfile of HijackThis v1.98.2
    Scan saved at 6:14:47 PM, on 8/21/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\documents and settings\owner\local settings\temp\f.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\documents and settings\owner\local settings\temp\f.exe
    C:\WINDOWS\System32\bxodubo.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\documents and settings\owner\local settings\temp\npoy.exe
    C:\documents and settings\owner\local settings\temp\jXc.exe
    C:\documents and settings\owner\local settings\temp\QN3S9.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\System32\wmsdat10.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\System32\SUIEXTD.exe
    C:\WINDOWS\System32\wpacrap.exe
    C:\WINDOWS\System32\DMAUDW.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\WINDOWS\System32\BDGAEK.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\System32\EMBIOSO.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\Xya6Ew8e.exe
    C:\WINDOWS\System32\Bcs3.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\TMSMGRN.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.regiscollege.edu/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = dsl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: SDWin32 Class - {5A55B531-5ED6-4F41-A9F2-CD713179ABCE} - C:\WINDOWS\System32\cwglx.dll
    O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
    O2 - BHO: (no name) - {818BFBEB-BB7E-4621-BF4D-340149742C03} - C:\WINDOWS\System32\dpwsonckx.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Owner\Local Settings\Temp\t.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe "
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [f] C:\documents and settings\owner\local settings\temp\f.exe
    O4 - HKLM\..\Run: [qxoelpyiqqnt] C:\WINDOWS\System32\bxodubo.exe
    O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\KgnJ8V3.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [cwglxc] C:\WINDOWS\System32\cwglxc.exe
    O4 - HKLM\..\Run: [npoy] C:\documents and settings\owner\local settings\temp\npoy.exe
    O4 - HKLM\..\Run: [jXc] C:\documents and settings\owner\local settings\temp\jXc.exe
    O4 - HKLM\..\Run: [QN3S9] C:\documents and settings\owner\local settings\temp\QN3S9.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [u76W33P] wmsdat10.exe
    O4 - HKLM\..\Run: [SUIEXTD] C:\WINDOWS\System32\SUIEXTD.exe
    O4 - HKLM\..\Run: [DMAUDW] C:\WINDOWS\System32\DMAUDW.exe
    O4 - HKLM\..\Run: [BDGAEK] C:\WINDOWS\System32\BDGAEK.exe
    O4 - HKLM\..\Run: [EMBIOSO] C:\WINDOWS\System32\EMBIOSO.exe
    O4 - HKLM\..\Run: [TMSMGRN] C:\WINDOWS\System32\TMSMGRN.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [fwp6RTjFQ] wpacrap.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
     
  2. 2004/08/21
    goldienite Lifetime Subscription

    Hi
    Edit your title to Adware problems; "Please help" won't get others to look at your post.

    good luck :cool:
     


  4. 2004/08/21
    dobhar Lifetime Subscription

    Hi mstakenforstars...sorry to hear you're having problems...

    Download and run the latest version of CWShredder from this link. Make sure you have closed all windows before running program. Start program...Click Fix.

    Run the latest versions of Ad-aware SE (noticed you said you have Ad-Aware...is it the latest SE version?) and Spybot 1.3 you should do so. Download the latest versions from the following links below. Make sure you update before running programs...
    Ad-Aware SE Personal
    Spybot 1.3 - Tutorial can be found here. Only put checkmark on entries highlighted in RED.

    You should also run an "Online" virus and Trojan scan...I have added some links for those also...
    RAV - AV Scanner
    Panda - AV Scanner
    Trojan Scan - Trojan scanner

    After completing all scans run HijackThis again and post back a new log. Don't fix anything yet until someone experienced with the logs advises you to.
     
  5. 2004/08/21
    mstakenforstars

    Thanks

    Thank you SO much! I had no idea about those updates. I did everything you said and here is the second Hijack list:

    Logfile of HijackThis v1.98.2
    Scan saved at 11:02:18 PM, on 8/21/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\documents and settings\owner\local settings\temp\f.exe
    C:\WINDOWS\System32\bxodubo.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\encodisc.exe
    C:\WINDOWS\System32\esesrvc.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.regiscollege.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = dsl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SDWin32 Class - {5A55B531-5ED6-4F41-A9F2-CD713179ABCE} - C:\WINDOWS\System32\cwglx.dll
    O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Owner\Local Settings\Temp\t.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe "
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [f] C:\documents and settings\owner\local settings\temp\f.exe
    O4 - HKLM\..\Run: [qxoelpyiqqnt] C:\WINDOWS\System32\bxodubo.exe
    O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\YtawJ.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [cwglxc] C:\WINDOWS\System32\cwglxc.exe
    O4 - HKLM\..\Run: [npoy] C:\documents and settings\owner\local settings\temp\npoy.exe
    O4 - HKLM\..\Run: [jXc] C:\documents and settings\owner\local settings\temp\jXc.exe
    O4 - HKLM\..\Run: [QN3S9] C:\documents and settings\owner\local settings\temp\QN3S9.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [SUIEXTD] C:\WINDOWS\System32\SUIEXTD.exe
    O4 - HKLM\..\Run: [DMAUDW] C:\WINDOWS\System32\DMAUDW.exe
    O4 - HKLM\..\Run: [BDGAEK] C:\WINDOWS\System32\BDGAEK.exe
    O4 - HKLM\..\Run: [EMBIOSO] C:\WINDOWS\System32\EMBIOSO.exe
    O4 - HKLM\..\Run: [TMSMGRN] C:\WINDOWS\System32\TMSMGRN.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe "
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [u76W33P] encodisc.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1 "
    O4 - HKCU\..\Run: [fwp6RTjFQ] esesrvc.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
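
Added example, not part of any post in this thread: one way to compare the first and second HijackThis logs above, listing entries that disappeared after the scans, entries that are new, and autorun value names that stayed while their target file changed. The function names are this example's own, and the two sample strings are short excerpts copied from the logs in this thread.

```python
import re

# Excerpts copied from the two logs posted in this thread (not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\KgnJ8V3.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [u76W33P] wmsdat10.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\YtawJ.exe
O4 - HKLM\..\Run: [u76W33P] encodisc.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
R3 - Default URLSearchHook is missing
"""

# An entry line is "<section code> - <detail>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O4 registry autoruns have the detail "<key>: [<value name>] <command>".
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.*)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def autoruns(entries):
    """Map (registry key, value name) -> command for the O4 registry entries."""
    found = {}
    for section, detail in entries:
        m = RUN_RE.match(detail) if section == "O4" else None
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def diff_logs(before, after):
    """Return (removed, added, retargeted) between an earlier and a later log."""
    old, new = parse_entries(before), parse_entries(after)
    removed, added = old - new, new - old
    old_runs, new_runs = autoruns(removed), autoruns(added)
    # Same key and value name in both logs, but pointing at a different file.
    retargeted = {k: (old_runs[k], new_runs[k]) for k in old_runs.keys() & new_runs.keys()}
    return removed, added, retargeted

if __name__ == "__main__":
    removed, added, retargeted = diff_logs(BEFORE, AFTER)
    for (key, name), (was, now) in sorted(retargeted.items()):
        print(f"{key} [{name}]: {was} -> {now}")
```

A retargeted entry shows that an autorun was rewritten between the two scans rather than removed, which a plain line-by-line diff reports only as one unrelated deletion and one unrelated addition.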
     
  6. 2004/08/22
    noahdfear

    It looks as though you have a peper infection. Download the following fix, saving it to your desktop, then double click to open. Then click 'Find and Fix' and reboot if prompted.

    http://downloads.subratam.org/PeperFix.exe

    Reboot again when finished and post another HJT log. You also need to create a new folder, such as C:\HJT, and place HijackThis.exe in it.
     
  7. 2004/08/22
    PeteC

    mstakenforstars - Welcome to the Board :)

    Please follow Posting Rules # 3 Meaningful Subject in future threads.

    Please Help gives no clue to your problem and many folk will pass by without looking and is not helpful when searching for threads on a specific problem.

    I have edited your thread title
     