Spyware still remaining on computer

bstrong · Posted: Thu 04/10/2008 12:29pm [Post #1]

I followed the steps on Get Rid of Spyware and the "System Integrity Scan Wizard" still pops up.
I deleated the following files from step C for removing this popup and the additional Global Startup suggestions from the Detective:

02 - BHO: (no name) - {47E8E835-C4BC-473B-AE26-E674F2DEE290} - (NO FILE)

04 - HKLM\..\RUN: [NVCPLDAEMON] RUNDELL32.EXEG:\WINDOWS\SYSTEM32\NvCpl.dll,NvStart

I manually deleted NvCpl.dll from the Windows\System32 folder.

The Detective prompted me to post the final logfile. I am also getting the following additional popups:

Warning!
Your Computer is infected with spyware!
Protect your computer and remove spyware.
Click here for more information.

Scurity System
Protection Control Panel
Possible spyware infection detected.
Trojan Downloader.x5
to remove click here

Task bar warning!
Click here to fix problem

Clicking this opens a web site advertising spyware software ****.

Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:27 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\WINDOWS\System32\drivers\CDAC11BA.EXE
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\RioMSC.exe
G:\Program Files\twc\medicsp2\bin\sprtsvc.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\WINDOWS\system32\fxssvc.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
G:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
G:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\twc\medicsp2\bin\sprtcmd.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifie r.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\WINDOWS\system32\nypsrchs.exe
G:\Program Files\Palm\Hotsync.exe
G:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
G:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\hpoipm07.exe
G:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
G:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
G:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
G:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
G:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dl l
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TkBellExe] G:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DVDTray] G:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] G:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [DIAGENT] G:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSv c.exe" /a /m "G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Alert Eng.dll"
O4 - HKLM\..\Run: [medicsp2] G:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] G:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifie r.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [oxcmcood] G:\WINDOWS\system32\nypsrchs.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = G:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = G:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = G:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: PCS Business Connection.lnk = G:\Program Files\Sprint\PCS Business Connection\BusinessConnect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - G:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - G:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
O12 - Plugin for .aspx: G:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDia gnosticsxp2k.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c ab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - G:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - G:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSv c.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - G:\WINDOWS\system32\RioMSC.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - G:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11071 bytes

This post has: 0 recommendations