
Thread: Spyware help



  1. #1
    Main Source's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Dec 2003
    Posts
    29

    Spyware help

    Hi Guys,

    My background is all blue and it says that I need to use my anti-virus and spyware removal programs to fix it. I did use both my anti-virus and spyware removal programs. The problem is still there. Also, my Internet Explorer homepage is also changed and I can't change it back. Can anybody give me some tips? I use both Lavasoft Ad-Aware and Spybot. Thanks in advance.

  2. #2
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445


    Re: Spywares help

    Not much to go on at this point; try downloading HijackThis
    http://www.majorgeeks.com/download3155.html

    Run a scan and post it here, do not do anything but scan at this point.

    Dave

  3. #3
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445


    Re: Spywares help

    Btw, I remember you had forgotten your other ID so signed up new. I have the other ID "stillmatic" and will merge all of your posts under whichever name you choose to keep.

    Dave

  4. #4
    Main Source's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Dec 2003
    Posts
    29

    Re: Spywares help

    Thanks Dave. Here's the log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:55:28 PM, on 6/25/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\devldr32.exe
    C:\WINNT\System32\shnlog.exe
    C:\WINNT\System32\msole32.exe
    C:\WINNT\System32\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\DeltTray.exe
    C:\WINNT\System32\intmon.exe
    C:\Program Files\M-Audio MobilePre\MPTask.exe
    C:\WINNT\System32\LogFiles\DA6221200.so
    C:\WINNT\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Brian\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
    R3 - URLSearchHook: (no name) - {C8E69AD8-5DBB-F239-DBC9-54147C0BD796} - br0ken.dll (file missing)
    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpC60A.tmp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\System32\msmsgs.exe
    O4 - HKLM\..\Run: [newbreed] install2.exe
    O4 - HKLM\..\Run: [34763] ___.exe
    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
    O4 - HKCU\..\Run: [Uint32] vxdman.exe
    O4 - HKCU\..\Run: [SysSupport] DCC_send.exe
    O4 - HKCU\..\Run: [TemplateDongle] LOPTCON.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: M-Audio MobilePre Control Panel Launcher.lnk = C:\Program Files\M-Audio MobilePre\MPTask.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O17 - HKLM\System\CCS\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O17 - HKLM\System\CS1\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O17 - HKLM\System\CS2\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe

  5. #5
    Main Source's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Dec 2003
    Posts
    29

    Re: Spywares help

    Quote Originally Posted by Dave
    Btw, I remember you had forgotten your other ID so signed up new. I have the other ID "stillmatic" and will merge all of your posts under whichever name you choose to keep.

    Dave
    Thanks Dave. It was a while since I visited. If you can, can you delete the other screen name for me?

  6. #6
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445


    Re: Spywares help

    Wareout.exe is the problem that stands out to me; my guess is this has changed the entries above it that refer to search. Check out this thread, I think it will help somewhat: http://forum.pcmech.com/showthread.php?p=926843#post926843

    Dave

  7. #7
    Main Source's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Dec 2003
    Posts
    29

    Re: Spywares help

    I checked out that thread and I deleted the Wareout. Things are still not back to normal. I still can't change my background. It's still blue and it has this Security Warning that says a Trojan-Spy.HTML.Smitfraud.c is causing this error. Any clues here?

  8. #8
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445


    Re: Spywares help

    Run another scan (HJT)

    D

  9. #9
    Main Source's Avatar
    Junior Member

    Status
    Offline
    Join Date
    Dec 2003
    Posts
    29

    Re: Spywares help

    Logfile of HijackThis v1.99.1
    Scan saved at 9:29:15 AM, on 6/26/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\WINNT\System32\shnlog.exe
    C:\WINNT\System32\msole32.exe
    C:\WINNT\System32\intmon.exe
    C:\WINNT\System32\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\DeltTray.exe
    C:\Program Files\M-Audio MobilePre\MPTask.exe
    C:\Documents and Settings\Brian\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
    R3 - URLSearchHook: (no name) - {C8E69AD8-5DBB-F239-DBC9-54147C0BD796} - br0ken.dll (file missing)
    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hp25D2.tmp
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [newbreed] install2.exe
    O4 - HKLM\..\Run: [34763] ___.exe
    O4 - HKCU\..\Run: [Uint32] vxdman.exe
    O4 - HKCU\..\Run: [SysSupport] DCC_send.exe
    O4 - HKCU\..\Run: [TemplateDongle] LOPTCON.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: M-Audio MobilePre Control Panel Launcher.lnk = C:\Program Files\M-Audio MobilePre\MPTask.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O17 - HKLM\System\CCS\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O17 - HKLM\System\CS1\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O17 - HKLM\System\CS2\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe


    BTW, I appreciate your help Dave. Thanks.
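
A way to compare the two HijackThis scans posted above, as an added example that is not part of any post in this thread: it keys each entry on its registry value, Run name or CLSID, so an entry whose file name changed between scans (the BHO's `.tmp` file) is reported as changed rather than as removed plus added. The function names and the entry-identity rule are assumptions of this sketch; the sample input is a few lines copied from the two logs.

```python
import re
# Constructed input: a handful of lines copied from the two scans in this thread.
SCAN_1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpC60A.tmp
O4 - HKLM\..\Run: [newbreed] install2.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hp25D2.tmp
O4 - HKLM\..\Run: [newbreed] install2.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{397A312D-353C-4AF4-A5E1-CA9DA1D73663}: NameServer = 69.50.184.85,195.225.176.31
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.+)$")
# Assumed identity rule: an entry's key ends at the first CLSID, "]" or " = ".
IDENT = re.compile(r"^(.*?(?:\{[0-9A-Fa-f-]{36}\}|\]| = ))(.*)$")

def parse_entries(log_text):
    """Map (section, identity) -> value for every R*/O* line of a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, detail = m.group(1), m.group(2).strip()
        split = IDENT.match(detail)
        ident, value = (split.group(1), split.group(2)) if split else (detail, "")
        entries[(section, ident.rstrip(" ="))] = value.strip(" -")
    return entries

def diff_scans(before_text, after_text):
    """Classify entries as removed, added, changed or unchanged between scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": sorted(k for k in common if before[k] != after[k]),
        "unchanged": sorted(k for k in common if before[k] == after[k]),
    }

if __name__ == "__main__":
    for status, keys in diff_scans(SCAN_1, SCAN_2).items():
        print(status, keys)
```

Run over the full logs, this separates what deleting WareOut actually took out from the search and start-page entries that are still present in the second scan.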

  10. #10
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445


    Re: Spywares help

    I see many people thanking this fellow for a solution; I guess it works.

    http://www.wilderssecurity.com/showthread.php?t=75890

    Dave
    Last edited by HTML; 03-09-2012 at 10:44 PM.


