Options

How do I keep spywares from reinstalling?

Unknown
edited March 2005 in Spyware & Virus Removal
How do I keep spywares from reinstalling on restart? Anytime I remove spywares from my computer with 4 different Anti-spyware programs, the spywares reinstall themselves. I have now removed them manually but I am afraid they could reinstall on reboot. How do I prevent this?

Comments

  • citrus
    edited March 2005
    Wow! Wow!! Wow!!! I think I did it! I restarted my computer and nothing came up again, my spyware scanner also detected nothing! Please check the log to see if it's completely clean.

    ****************************************
    Bazooka Scanner v1.13.02
    http://www.kephyr.com/spywarescanner/
    http://www.kephyr.com/spywarescanner/library/
    support@kephyr.com
    Log created 16:49:55.
    OS: Windows NT 5.1
    Database version: 2.720000
    Database format version: 1.020000
    Database date: 20050225
    Current date: 2005-03-11 16:49


    ****************************************
    Result when scanning:

    No threats found.
    ****************************************
    Auto start entries:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start
    C:\Documents and Settings\piii\Start Menu\Programs\Startup\desktop.ini
    C:\Documents and Settings\piii\Start Menu\Programs\Startup\desktop.ini

    Go here to analyse the startup entries and the associated files:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Run entries:
    ccApp C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

    ccRegVfy C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

    Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Advanced Tools Check

    LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LogitechVideoRepair

    LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LogitechVideoTray

    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

    WinampAgent C:\Program Files\Winamp\winampa.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

    gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ

    LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LDM

    Skype "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Skype

    SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpySweeper


    Go here to analyse the run entries and the associated files:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Browser helper objects:

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    {53707962-6F74-2D53-2644-206D7942484F} not set C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} not set C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}

    {AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program files\google\googletoolbar1.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not set C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    {BDF3E430-B101-42AD-A544-FADC6B084872} not set C:\Program Files\Norton AntiVirus\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}


    ****************************************
    Toolbars:

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

    {01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

    {01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

    {0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

    {4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

    {4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

    {32683183-48a0-441b-a342-7c2a440a9478} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32

    System error message: The system cannot find the file specified.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

    {4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

    {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


    ****************************************
    All processes:

    [System Process]
    System
    smss.exe
    csrss.exe
    winlogon.exe
    services.exe
    lsass.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    spoolsv.exe
    ccEvtMgr.exe
    Navapsvc.exe
    NPROTECT.EXE
    svchost.exe
    alg.exe
    wscntfy.exe
    explorer.exe
    ccApp.exe
    LogiTray.exe
    qttask.exe
    winampa.exe
    gcasServ.exe
    LogitechDesktopMessenger.exe
    SpySweeper.exe
    gcasDtServ.exe
    LVCOMSX.EXE
    FxSvr2.exe
    NMain.exe
    NAVW32.exe
    iexplore.exe
    msnappau.exe
    spywarescanner.exe
    msmsgs.exe

    Go here to analyse the running processes:
    http://www.kephyr.com/filedb/index.php

    ****************************************
    Internet Explorer Settings:

    Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Default_Search_URL http://home.microsoft.com/search/search.asp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

    Local Page C:\WINDOWS\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Bar http://home.microsoft.com/search/lobby/search.asp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

    Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://www.msn.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

    SearchAssistant http://www.google.com/ie
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

    http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

    www http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

    provider gogl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

    Local Page C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Bar http://home.microsoft.com/search/lobby/search.asp
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

    Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page http://mail.yahoo.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

    Use Search Asst no
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

    SearchAssistant
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch


    ****************************************
    Thank you!!!
Sign In or Register to comment.