»
 

Go Back   ResellerRatings Store Ratings > ResellerRatings Forums > Tech Support
SpyWare? SpyWare?
Register FAQ Social Groups Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 11-21-2004, 03:59 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 4
TroubledLisa is on a distinguished road
Outdoors SpyWare?
Ok i have these 2 spywares on my computer
1) http://toolbar.desktoptraffic.net/sidesearch.html
2) Begin2Search

I ran HijackThis and here is the Results:
Logfile of HijackThis v1.98.2
Scan saved at 5:37:54 PM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mrs.Paredes\Local Settings\Temporary Internet Files\Content.IE5\PQPEANIB\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.distance-education.itt-tech.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RefrigeratorMonitor] C:\PROGRA~1\AMN\HLT\AMNREFR.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

I already removed Begin2Search, Spykiller, BespopupKiller, and Refrigerator Monitor. But in the results http://toolbar.desktoptraffic.net/sidesearch.html didn't seem to show up, How can i remove this because i look all over the net and i can't seem to find a removal tool. also a few days ago my computer started to freeze and startup slow what can it be.

TroubledLisa is offline   Reply With Quote
Old 11-21-2004, 05:19 PM   #2 (permalink)
Registered User
 
backyardtechie's Avatar
 
Join Date: Oct 2004
Posts: 59
backyardtechie is on a distinguished road
give adaware a try and run your antivirus.

Backyardtechie
backyardtechie is offline   Reply With Quote
Old 11-21-2004, 09:10 PM   #3 (permalink)
ResellerRatings Moderator
 
EvilRick's Avatar
 
Join Date: Jun 2004
Posts: 7,600
EvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond reputeEvilRick has a reputation beyond repute
Spy Sweeper
EvilRick is offline   Reply With Quote
Old 11-21-2004, 09:20 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2003
Posts: 54
slickvic22 is on a distinguished road
Spybot Search and destroy from download.com and/or CWShredder
slickvic22 is offline   Reply With Quote
Old 11-22-2004, 03:04 PM   #5 (permalink)
Registered User
 
splatfreak's Avatar
 
Join Date: Apr 2004
Posts: 130
splatfreak is on a distinguished road
I run Spy bot search and destroy and Ad-aware SE.They are great programs and free to.
splatfreak is offline   Reply With Quote
Old 11-23-2004, 05:23 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 4
TroubledLisa is on a distinguished road
I Tried all of those they dont work
TroubledLisa is offline   Reply With Quote
Old 11-23-2004, 06:24 AM   #7 (permalink)
Registered User
 
crossedup's Avatar
 
Join Date: Feb 2003
Location: Vale, NC
Posts: 505
crossedup is on a distinguished road
If you hold down F8 just before booting into windows and pick the safe mode option from the menu you would be better off running them that way. Might be able to get rid of more stuff.

Run Spybot, adaware, cwshredder, antivirus and hijackthis in that order. Anything left you will have to get by hand. I throw Pestpatrol in the mix but its a $ product.

If you know they are spyware, why dont you uncheck the in Hijackthis?
crossedup is offline   Reply With Quote
Reply

« problems with my network | downgrade for different reason »


« problems with my network | downgrade for different reason »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Most Active Discussions

Recent Discussions

All times are GMT -6. The time now is 04:34 AM.

Contact Us - ResellerRatings - Archive - Privacy Statement - Top