11-11-2008, 08:08 PM   #1
ToddHoback
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: Windows XP


I need to remove Malware spyware message-Todd Hoback

Hello. I now get a regular popup that says "Your computer is infected! Windows has detected spyware infection. Windows will now download and install anti-spyware software." but it never does anything else, and it won't stop appearing.

I am attaching the three logs you requested. Thank you very much for your help!

Todd Hoback

DDS (Version 1.0) - NTFSx86
Run by Owner at 18:45:42.81 on Tue 11/11/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.540 [GMT -8:00]

============== Psuedo HJT Report ===============

uStart Page = hxxp://lasvegas.cox.net/cci/home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
mSearchAssistant = hxxp://www.google.com
BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [brastk] c:\windows\system32\brastk.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [LTMSG] LTMSG.exe 7
mRun: [CTPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CTPDPSRV.EXE
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\owner\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [brastk] c:\windows\system32\brastk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq a3000\CPQA3000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpcent~1.lnk - c:\program files\hp center\137903\program\BackWeb-137903.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm080YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\drivers\usb8023.sys
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe

=============== Created Last 30 ================

2008-11-11 18:33 250 a------- c:\windows\gmer.ini
2008-11-11 08:07 0 a------- c:\windows\system32\wini10846.exe
2008-11-08 23:23 <DIR> --d----- c:\program files\AntivirusPro2009
2008-11-06 21:50 13,382 a------- c:\docume~1\owner\applic~1\mymadabo.vbs
2008-11-06 21:50 18,571 a------- c:\windows\dasyqipiz.bin
2008-11-06 21:50 18,533 a------- c:\windows\avahy.exe
2008-11-06 21:50 15,114 a------- c:\windows\system32\pefolu.vbs
2008-11-06 21:50 14,788 a------- c:\docume~1\alluse~1\applic~1\nudogopese.dat
2008-11-06 21:50 11,743 a------- c:\docume~1\alluse~1\applic~1\awejiv.dat
2008-11-06 21:50 19,866 a------- c:\docume~1\owner\applic~1\modiquw.dat
2008-11-06 21:50 18,892 a------- c:\windows\ymiwusudug.reg
2008-11-06 21:50 17,369 a------- c:\docume~1\owner\applic~1\fyhubumove.pif
2008-11-06 21:50 16,746 a------- c:\docume~1\owner\applic~1\ahek.bin
2008-11-06 21:50 14,123 a------- c:\docume~1\alluse~1\applic~1\abut.com
2008-11-06 21:50 12,136 a------- c:\windows\system32\ycyxyneqet.ban
2008-11-06 21:50 16,062 a------- c:\docume~1\owner\applic~1\qyvijy.com
2008-11-06 21:50 13,358 a------- c:\docume~1\owner\applic~1\ezoti.bin
2008-11-06 21:50 13,318 a------- c:\windows\cejuzyw._sy
2008-11-06 21:44 19,808 a------- c:\docume~1\owner\applic~1\bixyxop.com
2008-11-06 21:44 19,322 a------- c:\windows\system32\erabotyk.dl
2008-11-06 21:44 16,481 a------- c:\windows\usowys.bin
2008-11-06 21:44 15,547 a------- c:\docume~1\alluse~1\applic~1\uhywuro.vbs
2008-11-06 21:44 13,718 a------- c:\program files\common files\dameh.com
2008-11-06 21:44 19,844 a------- c:\windows\omaz.pif
2008-11-06 21:44 18,381 a------- c:\docume~1\owner\applic~1\ifycac.scr
2008-11-06 21:44 17,852 a------- c:\docume~1\owner\applic~1\ydude.reg
2008-11-06 21:44 16,867 a------- c:\windows\sinum.exe
2008-11-06 21:44 16,046 a------- c:\windows\gybebuleca.exe
2008-11-06 21:44 15,771 a------- c:\windows\system32\uzymod.dat
2008-11-06 21:44 14,056 a------- c:\windows\esolypis.vbs
2008-11-06 21:44 12,576 a------- c:\docume~1\alluse~1\applic~1\owodoweti.bin
2008-11-06 21:44 12,303 a------- c:\docume~1\owner\applic~1\uvod.sys
2008-11-06 21:44 11,870 a------- c:\program files\common files\aresysyqov.scr
2008-11-06 11:22 5,120 a------- c:\windows\system32\brastk.exe

==================== Find3M ====================

2008-11-19 21:46 <DIR> --d----- c:\docume~1\owner\applic~1\Verizon
2008-11-19 21:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon
2008-11-18 12:49 <DIR> --d----- c:\docume~1\owner\applic~1\Move Networks
2008-11-07 20:44 <DIR> a-d----- c:\program files\Encarta Online
2008-11-07 20:44 <DIR> --d----- c:\program files\EMusic
2008-11-07 00:21 <DIR> --d----- c:\program files\Messenger
2008-11-07 00:21 <DIR> --d----- c:\program files\Compaq A3000
2008-11-07 00:21 <DIR> --d----- c:\program files\viewsonic
2008-10-15 08:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 09:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-01 15:49 86,691 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-01 15:46 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PCHI18N.dll
2008-10-01 15:45 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\WinVerifyTrust.dll
2008-10-01 15:45 126,976 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\ContentUpdater.exe
2008-10-01 15:45 122,880 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\SearchCtrl.dll
2008-10-01 15:45 420,432 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\pchplugin.zip
2008-10-01 15:45 155,648 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PCHButton.exe
2008-10-01 15:44 731,136 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\motdeusr.zip
2008-10-01 15:44 106,496 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PluginCtrl.dll
2008-10-01 15:31 <DIR> --d----- c:\program files\Windows NT
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 04:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-08 02:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-08-27 00:24 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-08-25 00:38 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 00:37 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-22 21:56 635,848 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-22 21:54 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-08-14 02:11 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2008-08-14 02:11 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 02:09 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 02:04 138,496 -------- c:\windows\system32\dllcache\afd.sys
2008-08-14 01:33 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2008-08-14 01:33 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 01:33 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2006-06-09 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MANSION
2006-06-01 13:02 <DIR> --d----- c:\docume~1\owner\applic~1\VERITAS
2006-03-15 09:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Macrovision
2006-03-01 14:35 <DIR> --d----- c:\docume~1\owner\applic~1\MSN6
2006-03-01 14:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2006-03-01 10:09 <DIR> --d----- c:\docume~1\owner\applic~1\Nikon
2006-02-17 11:02 <DIR> --d----- c:\docume~1\owner\applic~1\InterTrust
2008-04-13 16:12 50,688 a--sh--- c:\windows\twain_32.dll
2008-04-13 16:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 16:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 16:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 16:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
2008-04-13 16:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll
2008-04-13 16:12 84,992 ---sh--- c:\windows\system32\olepro32.dll
2008-04-13 16:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 18:46:13.48 ===============
Attached Files
File Type: txt Attach.txt (5.3 KB, 1 views)
File Type: txt DDS.txt (10.8 KB, 1 views)
File Type: txt Gmer.txt (53.6 KB, 1 views)

Last edited by Ried; 11-13-2008 at 09:35 PM. Reason: removed telephone number for privacy