Logfile of HijackThis v1.99.1
Scan saved at 4:46:20 AM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38210A77-0850-1033-0814-060227060001}\MyToolBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvol.dll,startup
O4 - HKLM\..\Run: [alsozab.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\alsozab.dll,revmgye
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161236605062
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
I see the Vundo trojan. Download Vundofix and follow the instructions here -> http://forums.techguy.org/t406818.html
You might also want to run Smitfraudfix and AVG Anti-Spyware (a.k.a. Ewido), since you may also have SpywareQuake/Spy-Sheriff/etc.

Here are the problematic components:
O2 - BHO: (no name) - {2B1B63E0-D818-4FB0-A504-DB8546149ABB} - C:\WINDOWS\system32\tuvuvtq.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3567F1F0-BFD3-4947-AFD9-A0475AE019C6} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ekliccjb.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcac.dll,startup

Although unrelated, I'd also get rid of this:
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
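As an added example (not part of this thread and not HijackThis's own code), here is a small Python triage helper that applies the same reading of an HJT log that the reply above does: it parses the R*/O* entry lines and flags browser helper objects (O2) that have no name or live in system32, a toolbar installed under a GUID-named Common Files folder, DLLs started through rundll32 from system32 that are not on a known list, and DLL names that look machine generated. The sample entries are copied from the log and the reply in this thread; the allowlist of DLLs that legitimately start through rundll32 is an assumption made for the demo, and every flag is a hint for manual review rather than a verdict.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example: not part of this thread and not HijackThis's own code. It parses
the R*/O* entry lines of an HJT log and flags the structural signs the reply
points at. Every flag is a hint for manual review, not a verdict.
"""
import re

# Entry lines start with a section code such as R1, O2, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Absolute Windows paths ending in .dll/.exe; spaces and 8.3 tildes are allowed.
PATH = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)\b', re.IGNORECASE)
# A path component that is a bare GUID, e.g. ...\Common Files\{3821...0001}\...
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\\")

# Assumed allowlist for this demo: DLLs that legitimately run via rundll32 from system32.
KNOWN_RUNDLL_DLLS = {"nvcpl.dll"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def in_system32(path):
    return "\\system32\\" in path.lower()


def looks_random(filename):
    """Weak signal: all-lowercase letters, 5+ chars, with a run of 3+ consonants
    (matches names like tuvuvtq.dll or jkkjk.dll; mixed-case vendor names are skipped)."""
    name = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{5,}", name):
        return False
    return re.search(r"[^aeiou]{3,}", name) is not None


def triage_entry(code, body):
    """Return the review flags for one HJT entry; an empty list means nothing odd."""
    flags = []
    dlls = [p for p in PATH.findall(body) if p.lower().endswith(".dll")]
    if code == "O2":
        if "(no name)" in body:
            flags.append("bho-without-name")
        if any(in_system32(d) for d in dlls):
            flags.append("bho-in-system32")
    if code == "O3" and GUID_DIR.search(body):
        flags.append("toolbar-in-guid-folder")
    if code == "O4" and "rundll32" in body.lower():
        for d in dlls:
            if in_system32(d) and basename(d).lower() not in KNOWN_RUNDLL_DLLS:
                flags.append("rundll32-unknown-system32-dll")
    if code == "R3" and "missing" in body:
        flags.append("urlsearchhook-missing")
    if code == "O6":
        flags.append("ie-policy-restrictions-present")
    if any(in_system32(d) and looks_random(basename(d)) for d in dlls):
        flags.append("random-looking-dll-name")
    return flags


def triage(log_text):
    """Parse every entry line of an HJT log; return [(code, body, flags)] for flagged entries."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            flags = triage_entry(m["code"], m["body"])
            if flags:
                results.append((m["code"], m["body"], flags))
    return results


# Sample entries copied from the log and the reply in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2B1B63E0-D818-4FB0-A504-DB8546149ABB} - C:\WINDOWS\system32\tuvuvtq.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38210A77-0850-1033-0814-060227060001}\MyToolBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [alsozab.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\alsozab.dll,revmgye
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:3} {', '.join(flags):45} {body}")
```

Run as a script it prints the flagged sample entries; to triage a full log, pass the whole file's text to triage(). The vendor entries (Intel, NVIDIA, FlashGet) come back clean, while the unnamed BHO in system32, the GUID-folder toolbar and the rundll32-launched alsozab.dll are the ones that surface for review, which is the same shortlist the reply arrives at by eye.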
Ok, I've tried a dozen different attempts to get rid of it, and none of them work. Don't refer me to another post that's old, and no longer applies because either the tools or the problem changed since the post was written. Updated HJT log to get a precise response.