Grr....spyware

post #1 of 2
Thread Starter 
Logfile of HijackThis v1.99.1
Scan saved at 4:35:56 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe
C:\\Program Files\\Microsoft IntelliPoint\\point32.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopIndex.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopDisplay.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopCrawl.exe
C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopMail.exe
C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE
C:\\Documents and Settings\\Owner\\My Documents\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = http://www.nvidia.com/page/drivers.html
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = proxy.indstate.edu:3128
O4 - HKLM\\..\\Run: [type32] "C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe"
O4 - HKLM\\..\\Run: [IntelliPoint] "C:\\Program Files\\Microsoft IntelliPoint\\point32.exe"
O4 - HKLM\\..\\Run: [Google Desktop Search] "C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe" /startup
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_02\\bin\\npjpi150_02.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123903789796
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.co...x/HMAtchmt.ocx
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{507AA582-4435-4C1E-9A88-4413971BBA9A}: NameServer = 68.238.0.12 68.238.112.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\\PROGRA~1\\OBJECT~1\\WINDOW~1\\fastload.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe

Here's a HijackThis scan along with a picture of the problem. I can't find the process running in HijackThis, and adaware doesn't see it as a problem either. I think it's because the spyware has made itself look like a Windows security process, so it is able to bypass adaware. Also, when clicking on the balloon, it takes me to a webpage called spyware strike. The spyware is in three parts; I deleted the other two, but I can't delete this one. Any help would be greatly appreciated.
post #2 of 2
Try this page, it will show you how to manually remove Spyware Strike.