| Windows OS Problems General Windows OS issues. |
| | #1 (permalink) |
| Apex Tech God | If I ever meet someone who works for a spyware company, I don't care if he's standing next to a federal agent, I'm going to break his ****ing face, rip out his eyes, put them down his pants so he can get a good closeup view of me kicking his ass, then rip off his head and **** down his neck. This **** has got to go. I don't know how it's gotten so bad, but my parents' computer is FUBAR, and no, format/reinstall isn't an option with an out-of-warranty computer with an OEM license... Every 30 seconds or so, you get an error report for Internet Explorer, and there are always two instances running in the processes. Also, about every 5 minutes, I have to go into the task manager and close 20 identical 5 meg processes called "1 Axis.exe". Not to mention whatever the hell is going on, it's lower than browser level because I'm getting additional ads in Google even in not just IE, but Opera and FF as well. I really don't know how this has gotten so bad. My parents and sister use Opera, I got my sister using Trillian, I've got adaware, spybot and Norton AV to auto update and run bi-weekly... the only thing is Outlook, but I have preview disabled and my parents don't open suspicious messages. I've updated and run all three of those in safe mode, I've also tried CWShredder, and I also downloaded the new Microsoft anti-spyware tool, and so far I'm impressed, but the root problems remain. I think I've been able to narrow down most of the problems to two things, the swizzor trojan, which nobody seems to have a removal tool for yet, not even listed on Norton's site, and the search200 toolbar. On a side note, I can't find info on this crap, just places selling 20 different spyware tools I've never heard of. Seems like everyone and their grandma has one these days, they're almost as bad as the spyware, have to keep 20 of them running at all times and that just drags down your computer more than the spyware would...
__________________ |
| | |
| | #2 (permalink) |
| Apex Tech God | Here's my log from HijackThis, I don't feel confident enough in knowing wtf all these are to start checking boxes for removal...

Logfile of HijackThis v1.98.2
Scan saved at 10:46:11 PM, on 3/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\threat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\Sam\Desktop\HijackThis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mgykolctrgrryuetrp.uk/rL3...n6/JBxwts.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dovetest.tripod.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://dovetest.tripod.com"); (C:\Documents and Settings\Sam\Application Data\Mozilla\Profiles\default\l5pxgg0w.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Sam\Application Data\Mozilla\Profiles\default\l5pxgg0w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\lviewenu.dll,_mainRD
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: threat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office2K\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O9 - Extra button: Support - {B7FAE6DC-33B7-4849-8533-27EB6F29E061} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tri...tyleSigned.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://web14.compaq.com/falco/SysQuery.cab

Also, my dad is downstairs using the typewriter because this machine is so unusable.
__________________ |
| | |
| | #3 (permalink) |
| X5-452 | Damn.... All spyware must die!!!
__________________ Spc. James W. Gardner 1983 ~ 2006 Project : Vash (Trigun) ![]()
| | |
| | #5 (permalink) |
| Apex Tech God | A first shot would be to go into safe mode, and clear out all the temp internet files, temp folders and cookies. Then run msconfig and shut down all but the essential startup items (i.e. anti-virus, firewall and Style XP). Afterward run Spybot SD and get it to nuke everything it finds. Then run WinASO and clear out the registry. Should take you 15 mins tops.
__________________ You have reached Nev's Voicemail. Please leave a message in the PM. Thank-you. ![]() |
| | |
| | #6 (permalink) |
| DuckWarrior's Personal Quack-Hoe Join Date: Jun 2004 Location: Port Townsend, WA (US [of] A).. "America - F--- YEAH!!"
Posts: 1,512
| I've found that the worst spyware must be personally deleted by going into safe mode and manually finding and destroying the malicious items from the specified locations from that HijackThis log. This worked great for me when I got a "completely unremovable" toolbar that actually self-installed into Explorer from Internet Explorer so no antivirus/spyware programs could ever possibly see it. I had to bring myself to the bright idea of deleting it manually. I'm proud to say, this is that same OS installation. I have AVG run a test daily, use Sygate PF 24/7, run The Cleaner monthly, and FF makes sure I barely ever see a dynamic ad (a window pop-up, that is). I also use Spybot:SD occasionally. GL, hope something here helps bring the fix.
__________________ |
| | |
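The manual review described in posts #2 and #6, as an added example that is not part of the thread: a small Python script that splits a HijackThis log into running processes and numbered entries and lists the ones worth checking by hand. The heuristics (data/Startup folder locations, R0/R1 overrides, rundll32 autostarts) and the function names are assumptions of this example; a hit means "look at this", not "delete this".

```python
import re
from collections import Counter
# Excerpt of the HijackThis log from post #2, one entry per line.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\threat.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
C:\Documents and Settings\All Users\Application Data\DRIVE TITLE VIEW TYPE\1 Axis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dovetest.tripod.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\lviewenu.dll,_mainRD
O4 - Startup: threat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
DATA_DIRS = ("\\application data\\", "\\start menu\\programs\\startup\\")

def parse(text):
    """Split a log into running-process paths and (code, detail) entries."""
    procs, entries = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append(m.groups())
        elif re.match(r"^[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def review_list(text):
    """Return (reason, item) pairs for a human to check; heuristics, not verdicts."""
    procs, entries = parse(text)
    out = []
    for path, n in Counter(p.lower() for p in procs).items():
        if any(d in path for d in DATA_DIRS):
            out.append((f"process running from data/Startup folder x{n}", path))
    for code, detail in entries:
        low = detail.lower()
        if code in ("R0", "R1"):
            out.append(("browser start/search page override", detail))
        elif code == "O4" and "startup:" in low and " = " not in low:
            out.append(("file placed directly in Startup folder", detail))
        elif code == "O4" and re.search(r"rundll32(\.exe)? +[a-z]:\\", low):
            out.append(("autostart DLL loaded via rundll32 by path", detail))
    return out

if __name__ == "__main__":
    for reason, item in review_list(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Ordinary program-directory entries such as NeroCheck and the Adobe Gamma shortcut are not listed, so the output is a short list to research before touching anything in safe mode.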
| | #7 (permalink) |
| The Who? Hoe Join Date: Jul 2003 Location: If only I knew...
Posts: 2,300
| Weird. All I run is Norton AV 2005 and scan with Spybot and Adware every week and haven't had so much as one piece of spy / adware in about a month. I have noticed more popups recently, however. Hopefully they update FF (or just the popup blocker) to take care of that.
__________________ I've got an idea, an idea so smart that my head would explode if I even began to know what I'm talking about. --Peter Griffin-- |
| | |
| | #8 (permalink) |
| Retr-hoe Reviewer Join Date: Feb 2005 Location: West Yorkshire, UK
Posts: 4,820
| A combination of Avast, Sygate Personal Firewall, MS AntiSpyware and the Windows Firewall seems to do the trick for me, never had any problems with spyware/adware/trojans, they're all nuked as soon as they arrive.
__________________ |
| | |