Jump to content
george

Help removing SpyLock

Recommended Posts

I tried manually removing all of the files but I am still getting the SpyLock Security pop up. I can't find anything that resembles SpyLocks in my running processes. I used Hijack This and this is what I got. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:48:34 PM, on 5/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1145058379\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe

C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe

C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

C:\Program Files\TimeLeft3\TimeLeft.exe

C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe

C:\Program Files\Virtual Assistant\bin\mpbtn.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\MSN\MSNCoreFiles\msn.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\Giny\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis_v2.zip\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1145058379\ee\AOLSoftware.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"

O4 - HKLM\..\Run: [sprintModemUpdate] "javaw.exe" -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe

O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe

O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab

O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter.rr.com/sdccommon/download/tgctlsi.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143487583625

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\system32\indwvm.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel

Share this post


Link to post
Share on other sites

Please download RogueRemover here. Update the program with the latest database and run the program.

If you stil have problems post another HijackThis log and if you don't please report that too.

Share this post


Link to post
Share on other sites
Please download RogueRemover here. Update the program with the latest database and run the program.

If you stil have problems post another HijackThis log and if you don't please report that too.

Yea that worked thank you very much.

Share this post


Link to post
Share on other sites

You are not trouble free I'm sorry to tell you.

First you need to place HiJack This! into a folder of it's own you create on your hard drive. Your running it from a temp folder now and that is not good.

Get a copy of AVG AntiSpyware update it and run a full system scan, let it remove anything it finds, follow the steps below.

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.

2. Once the setup is complete you will need run ewido and update the definition files.

3. On the main screen select the icon "Update" then select the "Update now" link.

* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

6. Under "Reports"

* Select "Automatically generate report after every scan"

* Un-Select "Only if threats were found"

Scan instructions

1. Launch AVG-anti-spyware by double-clicking the icon on your desktop.

2.Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".

AVG will now begin the scanning process, be patient this may take a little time.

3.Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions"

4. Next select the "Reports" icon at the top.

5. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

6. Post that log (it will be long).

Then run a new HJT scan and post that log here also.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.