SysChat

SysChat (http://www.syschat.com/forum.php)
-   Operating Systems (http://www.syschat.com/software-support/operating-systems/)
-   -   Warning on my tool bar about spyware (http://www.syschat.com/warning-my-tool-bar-about-spyware-3349.html)

Skirtchaser 04-10-2008 06:56 PM
Warning on my tool bar about spyware
 
I know the answer is probably already here, but I'm lazy. I have xp on wireless. I have installed spybot and avast. I run these often also with reg scrub. I keep getting a windows warning on my tool bar about spyware. It directs me to TOP RATED SPYWARE REMOVERS. I keep cleaning and to no avail it comes back just like a pop up in a yellow triangle I in my tool bar. Suggestions? Thanks

Wombat 04-10-2008 07:34 PM
Quote:
Originally Posted by Skirtchaser (Post 10525)
I know the answer is probably already here, but I'm lazy. Suggestions? Thanks
I know laziness is a problem. Google is your friend...

Sami 04-10-2008 11:15 PM
Hi Skirtchaser,

Please download HijackThis run the program and upload the log file here so that we may know exactly what's wrong with your system.

Skirtchaser 04-11-2008 06:45 AM
Thanx. Here is the log file. I can't tell which is the problem.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\incvwbmv\apelibsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\afmbwjil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pooh Bear\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - C:\WINDOWS\system32\mlJAqrQj.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DA9D1D7-36B4-4576-A77A-C660352F807A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C64C20AE-A8C6-4B8E-B6A0-900E813D0AF2} - C:\WINDOWS\system32\rqRKDwwu.dll
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [9c49d6db] rundll32.exe "C:\WINDOWS\system32\ecbfwkra.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iiudhslh] C:\WINDOWS\system32\afmbwjil.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [zQJmn93EYj] C:\Documents and Settings\All Users\Application Data\incvwbmv\apelibsd.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170017221075
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170017622725
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O20 - Winlogon Notify: mlJAqrQj - C:\WINDOWS\SYSTEM32\mlJAqrQj.dll
O21 - SSODL: SysChk - {1e6a80ac-22be-49cf-b7f1-00268a4b3785} - C:\WINDOWS\Resources\SysChk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

Sami 04-11-2008 12:24 PM
Please run Hijack this again

and remove following items.

C:\Documents and Settings\All Users\Application Data\incvwbmv\apelibsd.exe
C:\WINDOWS\system32\afmbwjil.exe
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - C:\WINDOWS\system32\mlJAqrQj.dll
O2 - BHO: (no name) - {5DA9D1D7-36B4-4576-A77A-C660352F807A} - (no file)
O2 - BHO: (no name) - {C64C20AE-A8C6-4B8E-B6A0-900E813D0AF2} - C:\WINDOWS\system32\rqRKDwwu.dll
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [9c49d6db] rundll32.exe "C:\WINDOWS\system32\ecbfwkra.dll",b
O4 - HKCU\..\Run: [iiudhslh] C:\WINDOWS\system32\afmbwjil.exe
O4 - HKLM\..\Policies\Explorer\Run: [zQJmn93EYj] C:\Documents and Settings\All Users\Application Data\incvwbmv\apelibsd.exe
O20 - Winlogon Notify: mlJAqrQj - C:\WINDOWS\SYSTEM32\mlJAqrQj.dll


After removing these items, Restart your computer in Safemode and rerun the hijackthis and make sure all the listed items have been removed.

Also in safemode run your antispyware program to make sure there are no more spyware in your system.

Skirtchaser 04-14-2008 09:59 PM
Your the Man, Sami. Worked like a charm. Thanx.


All times are GMT -4. The time now is 08:31 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54