
Spyware problem

PhilyB

New Member
Joined
May 12, 2006
Messages
5 (0.00/day)
I can't change my homepage and keep getting pop-ups. I've used spy-bot and that hasn't helped! Could someone please look at my HijackThis log and advise me on what to delete?

Thanks in advance

Logfile of HijackThis v1.97.7
Scan saved at 12:02:06, on 12/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Apps\ActivBoard\nhksrv.exe
c:\apache2\bin\apache.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2\mysql\bin\mysqld.exe
C:\apache2\ftp\SlimFTPd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\apache2\mail\bin\XMail.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\apache2\bin\apache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Phil.SN023872920049\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.co.uk/center
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.packardbell.co.uk/center
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpCA57.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Packard Bell (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.co.uk/center
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140236031478
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140237402983
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
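Added example, not part of the original post: a small Python reader for the HijackThis entry lines above that lists the R-type URL settings and flags O2 (Browser Helper Object) entries whose module has no display name or is not a .dll. Both checks are heuristics assumed for this example, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Sample input: five entry lines copied from the log above.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.co.uk/center
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpCA57.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def parse_entries(log):
    """Return (code, body) pairs for every 'Xn - ...' entry line."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m["code"], m["body"]))
    return pairs


def configured_urls(log):
    """Values of R-type entries (IE start/search page settings)."""
    return [body.split(" = ", 1)[1]
            for code, body in parse_entries(log)
            if code.startswith("R") and " = " in body]


def review_bhos(log):
    """Flag O2 entries using two heuristics assumed for this example."""
    findings = []
    for code, body in parse_entries(log):
        m = BHO.match(body) if code == "O2" else None
        if not m:
            continue
        reasons = []
        if m["name"] == "(no name)":
            reasons.append("no display name")
        if ntpath.splitext(m["path"])[1].lower() != ".dll":
            reasons.append("module is not a .dll")
        if reasons:
            findings.append({"clsid": m["clsid"], "path": m["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(configured_urls(SAMPLE_LOG))
    for finding in review_bhos(SAMPLE_LOG):
        print(finding)
```

A flagged entry is a candidate for closer inspection, not a verdict; check the file itself before removing anything.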

Jimmy 2004

New Member
Joined
Jan 15, 2005
Messages
5,458 (0.78/day)
Location
England
System Name Jimmy 2004's PC
Processor S754 AMD Athlon64 3200+ @ 2640MHz
Motherboard ASUS K8N
Cooling AC Freezer 64 Pro + Zalman VF1000 + 5x120mm Antec TriCool Case Fans
Memory 1GB Kingston PC3200 (2x512MB)
Video Card(s) Saphire 256MB X800 GTO @ 450MHz/560MHz (Core/Memory)
Storage 500GB Western Digital SATA II + 80GB Maxtor DiamondMax SATA
Display(s) Digimate 17" TFT (1280x1024)
Case Antec P182
Audio Device(s) Audigy 4 + Creative Inspire T7900 7.1 Speakers
Power Supply Corsair HX520W
Software Windows XP Home
What is your start page set to and what do you want it to be? From looking at this it seems as though it should be going to the packard bell site?

Also make sure you are using antivirus software (AVG is good and free)
And try using Windows defender and Ad-Aware as well.

You could also use Firefox instead of IE to solve your problems.

Edit: Also try looking here http://www.fjsmjs.com/IE/homepage.htm
 
Joined
Sep 5, 2005
Messages
289 (0.04/day)
Location
vt
System Name Money Guilt / immortal X58
Processor 5600X / X5660
Motherboard MSI B550 GAMING PLUS / MSI-x58-PLAT
Cooling Cooler Master - Hyper 212 / Monsoon 3 Dual 120 fans
Memory OLOy WarHawk 2x8 / 2x4 gig Gskill 1600
Video Card(s) EVGA 3060 Ti FTW3 / R9 290 Powercolor PCS+
Storage Crucial P5 1TB / 128gig Samsung D830 2x1 Terabyte Seagates Raid0
Display(s) VIOTEK 32-In 2560x1440 Curved 144Hz / Acer 22in 1920x1080 120Hertz
Case NZXT - H510 Compact / Thermaltake V9 Black Edition
Audio Device(s) Soundblaster Audigy FX
Power Supply CORSAIR - RM Series 750W / Ocz 700 Modular
Mouse G403 / basic
Keyboard G15 / basic
Software Windows 10
Benchmark Scores http://www.3dmark.com/spy/18067733, http://www.3dmark.com/fs/24836348 http://www.3dmark.com/fs/11606
I would cut down some processes. I have XP Pro and right now when I open the task manager I have 18 processes with atitool and mozilla!! Get rid of everything you don't need on start up.
Do you know how to use msconfig?? And what browser are you using.. right click whatever one go to properties then change your page.
 

PhilyB

Jimmy 2004 said:
What is your start page set to and what do you want it to be? From looking at this it seems as though it should be going to the packard bell site?

Also make sure you are using antivirus software (AVG is good and free)
And try using Windows defender and Ad-Aware as well.

You could also use Firefox instead of IE to solve your problems.

Edit: Also try looking here http://www.fjsmjs.com/IE/homepage.htm

Thanks mate, I've got AVG and that doesn't find anything wrong! My start page is set to about:blank but it comes up with www.securityuptodate.com and I can't change it.

I'm gonna try the link you posted see if that helps and I'll let you know the outcome.
 

PhilyB

jjnissanpatfan said:
I would cut down some processes. I have XP Pro and right now when I open the task manager I have 18 processes with atitool and mozilla!! Get rid of everything you don't need on start up.
Do you know how to use msconfig?? And what browser are you using.. right click whatever one go to properties then change your page.

I haven't got a clue on how to use msconfig!! I was using Internet Explorer and so was the rest of my family until this happened but at the moment I'm on netscape cause it hasn't affected it apart from the pop-ups I'm getting!
 

Jimmy 2004

Using msconfig probably isn't best for new users, most anti-spyware programs have a section to let you control which software loads at windows startup. Let us know how you get on trying that link.
 

PhilyB

Thanks for your help Jimmy, I tried everything on the link you gave me but nothing on there works :( I think I might have to do a full system reboot
 

Jimmy 2004

Sorry it didn't work, a full system reboot can be a good thing (makes your PC much faster without the leftover rubbish...) and it shouldn't be a problem if you can back up data, which will be even easier if you have a network you can back it up over.
 

PhilyB

Jimmy 2004 said:
Sorry it didn't work, a full system reboot can be a good thing (makes your PC much faster without the leftover rubbish...) and it shouldn't be a problem if you can back up data, which will be even easier if you have a network you can back it up over.

Yeah I think that's what I'm gonna have to do, thanks for all your help mate
 
Joined
Mar 26, 2005
Messages
1,807 (0.26/day)
Location
Hamburg
Processor Intel I7 2600k@ 4.5
Motherboard Gigabyte p67 ud4 b3
Cooling AC Cuplex kryos Hf
Memory 8096 Exceleram 1600@ 1333 Cl9 1.35v
Video Card(s) Palit Gtx570@950/1900@1.063v
Storage Ocz Vertex 3 120gb, 2tb Seagate 7200rpm s-ata3
Display(s) Asus 24inch Lcd
Case Coolermaster Cosmos S
Audio Device(s) Creative X-fi with Teufel Magnum Power Edition
Power Supply Coolermaster 700W Silent Pro Gold
Software Linux?^^ ;P Windows 7 64bit
try panda for cleanup helps with every virus and spyware :D
 