Options
Spyware is eating my computer
Hey, I'm totally new to this but my brother pretty much let spyware take over his laptop and I am trying to fix it but don't exactly know much about fixing computers. Here's the HijackThis log from the laptop:
Logfile of HijackThis v1.98.0
Scan saved at 6:57:11 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pulse\Pulse.exe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\javave.exe
C:\WINDOWS\system32\apijt32.exe
C:\Documents and Settings\Anna\Local Settings\Temp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {C0B52B25-F1C7-7AED-5588-35199E367342} - C:\WINDOWS\addwz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [javave.exe] C:\WINDOWS\javave.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [msxw.exe] C:\WINDOWS\msxw.exe
O4 - HKLM\..\RunOnce: [sdkil.exe] C:\WINDOWS\system32\sdkil.exe
O4 - HKLM\..\RunOnce: [msmp32.exe] C:\WINDOWS\system32\msmp32.exe
O4 - HKLM\..\RunOnce: [apiva.exe] C:\WINDOWS\system32\apiva.exe
O4 - HKLM\..\RunOnce: [netpl32.exe] C:\WINDOWS\netpl32.exe
O4 - HKLM\..\RunOnce: [mswa.exe] C:\WINDOWS\mswa.exe
O4 - HKLM\..\RunOnce: [apijt32.exe] C:\WINDOWS\system32\apijt32.exe
O4 - HKLM\..\RunOnce: [appbv32.exe] C:\WINDOWS\system32\appbv32.exe
O4 - HKLM\..\RunOnce: [apiyj32.exe] C:\WINDOWS\system32\apiyj32.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\system32\iphd.exe
O4 - HKLM\..\RunOnce: [syssr.exe] C:\WINDOWS\system32\syssr.exe
O4 - HKLM\..\RunOnce: [netrv.exe] C:\WINDOWS\netrv.exe
O4 - HKLM\..\RunOnce: [iepj.exe] C:\WINDOWS\iepj.exe
O4 - HKLM\..\RunOnce: [apppa32.exe] C:\WINDOWS\system32\apppa32.exe
O4 - HKLM\..\RunOnce: [appyw.exe] C:\WINDOWS\appyw.exe
O4 - HKLM\..\RunOnce: [appre.exe] C:\WINDOWS\system32\appre.exe
O4 - HKLM\..\RunOnce: [atlvm32.exe] C:\WINDOWS\system32\atlvm32.exe
O4 - HKLM\..\RunOnce: [sdksc.exe] C:\WINDOWS\sdksc.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: adobe gamma loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\iSearch\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
Help? Please?
-Anna
Logfile of HijackThis v1.98.0
Scan saved at 6:57:11 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pulse\Pulse.exe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\javave.exe
C:\WINDOWS\system32\apijt32.exe
C:\Documents and Settings\Anna\Local Settings\Temp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pqegg.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {C0B52B25-F1C7-7AED-5588-35199E367342} - C:\WINDOWS\addwz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [javave.exe] C:\WINDOWS\javave.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [msxw.exe] C:\WINDOWS\msxw.exe
O4 - HKLM\..\RunOnce: [sdkil.exe] C:\WINDOWS\system32\sdkil.exe
O4 - HKLM\..\RunOnce: [msmp32.exe] C:\WINDOWS\system32\msmp32.exe
O4 - HKLM\..\RunOnce: [apiva.exe] C:\WINDOWS\system32\apiva.exe
O4 - HKLM\..\RunOnce: [netpl32.exe] C:\WINDOWS\netpl32.exe
O4 - HKLM\..\RunOnce: [mswa.exe] C:\WINDOWS\mswa.exe
O4 - HKLM\..\RunOnce: [apijt32.exe] C:\WINDOWS\system32\apijt32.exe
O4 - HKLM\..\RunOnce: [appbv32.exe] C:\WINDOWS\system32\appbv32.exe
O4 - HKLM\..\RunOnce: [apiyj32.exe] C:\WINDOWS\system32\apiyj32.exe
O4 - HKLM\..\RunOnce: [iphd.exe] C:\WINDOWS\system32\iphd.exe
O4 - HKLM\..\RunOnce: [syssr.exe] C:\WINDOWS\system32\syssr.exe
O4 - HKLM\..\RunOnce: [netrv.exe] C:\WINDOWS\netrv.exe
O4 - HKLM\..\RunOnce: [iepj.exe] C:\WINDOWS\iepj.exe
O4 - HKLM\..\RunOnce: [apppa32.exe] C:\WINDOWS\system32\apppa32.exe
O4 - HKLM\..\RunOnce: [appyw.exe] C:\WINDOWS\appyw.exe
O4 - HKLM\..\RunOnce: [appre.exe] C:\WINDOWS\system32\appre.exe
O4 - HKLM\..\RunOnce: [atlvm32.exe] C:\WINDOWS\system32\atlvm32.exe
O4 - HKLM\..\RunOnce: [sdksc.exe] C:\WINDOWS\sdksc.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: adobe gamma loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\iSearch\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
Help? Please?
-Anna
0
Comments
http://www.short-media.com/forum/showthread.php?t=14915
and if you've already done anything to try to fix a problem, can you tell us?