Spyware help needed

Status
Not open for further replies.
yash

yash

I draw every day
can i also aks for help if my computer has been infected?
my windows xp constantly keeps showing a baloon saying that computer has been infected with spyware.
But i had scanned my computer with webroot spy sweeper and deleted all the criminals.still i cant open my task manager-it says that the administrator has disabled it-but i am a computer administrator myself and i`m using home version!!!(with sp2)
 
anandk

anandk

Distinguished Member
yash said:
can i also aks for help if my computer has been infected?
my windows xp constantly keeps showing a baloon saying that computer has been infected with spyware.
But i had scanned my computer with webroot spy sweeper and deleted all the criminals.still i cant open my task manager-it says that the administrator has disabled it-but i am a computer administrator myself and i`m using home version!!!(with sp2)
Click to expand...

yash, u appear to have been infected with adware.

is ur spysweeper uptodate ?
else download, install, update and scan ine safe mode, ur pc, using
microsoft antispyware and adaware. www.download.com.

if this does not helps, post your 'hijackthis' logfile here.
download and insttall hijackthis utility. run system scan, save lodfile, copypaste its contents here for further investigations.
 
OP
yash

yash

I draw every day
Logfile of HijackThis v1.99.1
Scan saved at 9:27:06 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
C:\winstall.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\yash\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = *www.wincustomize.com/
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F033766F-A156-422C-BE01-F5FD7EA1DD5F}: NameServer = 61.1.96.65 61.1.128.5
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
L

legolas

Padawan
u r infected with this entry
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

go here and follow the instructions exactly as told to get it rectified.

/legolas
 
OP
yash

yash

I draw every day
thanks for the link man but i had already reinstalled my windows xp.but i`ll store it for future reference :arrow:
 
Status
Not open for further replies.
Top Bottom