Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 09-18-2005, 01:05 AM   #1
Solid State Member
 
Join Date: Sep 2005
Posts: 7
Default spybot cant get rid of funwebproducts

well heres the post, I have removed the obvious programs in add remove progs but no luck spybot still cant remove funwebproducts spyware because it says its still in memory
Logfile of HijackThis v1.99.1
Scan saved at 12:40:02 AM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\wmconnectc\wwm.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Documents and Settings\sean\My Documents\dataxp\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\LVComsX.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3 _12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3 _12_0.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnectc\wmtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121449615962
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B01090-7F64-4E98-B726-D2EA8AA0E4C7}: NameServer = 205.188.146.145
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

y. so heres the hijack log. who knows maybe theres more crud I dont know about that this forum can find
__________________

toocans is offline   Reply With Quote
Old 09-18-2005, 01:30 AM   #2
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default

In the first place please don't post a highjackthis log unless one of us asks you to do so.
Now if you put spybot in advanced mode and go through all the features you'll find some have been checked to be ignored. Change all the settings to see everything and run it again. Also not any one program will clean everything. Get AdAware se from Lavasoft and make sure you updated it before you run it. Matter of fact make sure spybot is updated.
Lastly run your ad/spy/malware programs from safe mode. Catches the nasties napping.
__________________

setishock is offline   Reply With Quote
Old 09-18-2005, 02:17 AM   #3
Daemon Poster
 
wozelbeak's Avatar
 
Join Date: Sep 2004
Posts: 1,324
Default Re: spybot cant get rid of funwebproducts

and i would suggest that you turn off your system restore, they might be hiding there.
woz
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
wozelbeak is offline   Reply With Quote
Old 09-18-2005, 02:25 AM   #4
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default

Good point Woz...
I forgot about that. What ya want at 2:25am??? LOL
setishock is offline   Reply With Quote
Old 09-18-2005, 03:35 AM   #5
Daemon Poster
 
wozelbeak's Avatar
 
Join Date: Sep 2004
Posts: 1,324
Default Re: spybot cant get rid of funwebproducts

No Worries Seti, Its 8:30 Am Here And Im As Fresh As A Daisey Lol.
Woz
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
wozelbeak is offline   Reply With Quote
Old 09-18-2005, 03:46 AM   #6
Solid State Member
 
Join Date: Sep 2005
Posts: 7
Default Re: spybot cant get rid of funwebproducts

sorry about posting the log with out you guys asking, didnt know posting with out a request to post a log would cause probs, just ran across this site and was eager to get this solved
toocans is offline   Reply With Quote
Old 09-18-2005, 03:48 AM   #7
Solid State Member
 
Join Date: Sep 2005
Posts: 7
Default Re: spybot cant get rid of funwebproducts

also I dont know what I am doing in spybot advanced mode, and not sure how to turn off system restore
toocans is offline   Reply With Quote
Old 09-18-2005, 04:01 AM   #8
Daemon Poster
 
wozelbeak's Avatar
 
Join Date: Sep 2004
Posts: 1,324
Default Re: spybot cant get rid of funwebproducts

go to all programmes in your start menue, then hit the accesories tab, then hit system restore. check the box that says sdisable system restore, or turn off system restore. then boot into safe mode and run all of your spyware/adware programes. re boot into your normal mode and re scan, then uncheck the system restore box.
let us know how it goes.
woz
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
wozelbeak is offline   Reply With Quote
Old 09-18-2005, 04:43 AM   #9
Solid State Member
 
Join Date: Sep 2005
Posts: 7
Default

well turned off system restore, ran spybot in safe mode still no luck........windows xp.....533mhz 120 gig hard drive gateway
toocans is offline   Reply With Quote
Old 09-18-2005, 04:46 AM   #10
Solid State Member
 
Join Date: Sep 2005
Posts: 7
Default Re: spybot cant get rid of funwebproducts

oh yea and I made sure nothing was checked in spybot advanced mode........ad aware doesnt say it cant remove funwebproducts.....maybe it doesnt find it
__________________

toocans is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 04:39 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0