unspypc
| Author |
Message |
jan pieter
Guest
|
 Post subject: unspypc |
 |
|
I am going crazy. When I turned my computer on this morning the unspypc was shown by a pop-up screen.
Have been trying all day to get it off, without succes.
Question:
how do I remove this from my computer? |
|
Tue Dec 13, 2005 4:19 pm
 |
|
 |
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
|
|
Wed Dec 14, 2005 9:53 am
|
|
|
misterchi
Joined: 07 Jan 2006
Posts: 1
|
| Post subject: help with UnSpy |
|
|
can someone help me? i'm posting my HijackThis log below.
Logfile of HijackThis v1.99.1
Scan saved at 10:49:27 AM, on 1/7/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\MISC\CHATSTUFF\IP HIDER.EXE
C:\PROGRAM FILES\RAM IDLE LE\RAM_ME.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC\BIN\TBMENU.EXE
C:\PROGRAM FILES\LEXMARK X125\LEX125SU.EXE
C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = www.google.com
R3 - URLSearchHook: (no name) - {B174C811-84D9-9A56-CA1D-BAA88D029276} - MONITER.dll (file missing)
O1 - Hosts: 3466709097 auto.search.msn.com
O1 - Hosts: 3466709097 sitefinder.verisign.com
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097 www.your.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\SZYAG.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\SZYAG.DLL
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PDPServer] LMpdpsrv.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [jymoxmyk] C:\WINDOWS\SYSTEM\pmieibve.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [WFIPS] C:\WINDOWS\DESKTOP\MISC\CHATSTUFF\IP HIDER.EXE -autoboot
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_ME.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\IDEMLOG.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
O4 - Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMENU.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL (file missing)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\WINDOWS\SYSTEM\ADOBEMAIN.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Juno - {5774379D-0C43-43C4-80C9-B8A017EDADF8} - juno.exe (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL (file missing) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - C:\WINDOWS\SYSTEM\ADOBEMAIN.DLL (HKCU)
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.113.94,85.255.112.20 |
|
Sat Jan 07, 2006 5:52 pm
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
I've finally analysed your log. Sorry for the delay  .
Your system is obsessed with numerous parasites. But I don't see any anti-spyware program running. Any powerful spyware remover from the 2-Spyware.com Anti-spyware software list would get rid of the infection in minutes. You should download and install anti-spyware. I recommend Spyware Doctor, Microsoft AntiSpyware, Spy Sweeper and CounterSpy.
If you cannot get a spyware remover quickly enogh, please follow these steps in order to get rid of parasites your system is infected with:
1. Download the KillBox utility.
2. Navigate to Start > Settings > Control Panel and launch the Add or remove programs tool. Wthin the list of installed software find UnSpyPC and uninstall it by clicking on Uninstall or Change/Remove buttons. If there is no UnSpyPC entry, open the C:\Program Files\UnSpyPC folder and run the uninstall.exe file. It is the uninstaller.
3. Delete the entire C:\Program Files\UnSpyPC directory.
4. Use HijackThis to fix the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {B174C811-84D9-9A56-CA1D-BAA88D029276} - MONITER.dll (file missing)
O1 - Hosts: 3466709097 auto.search.msn.com
O1 - Hosts: 3466709097 sitefinder.verisign.com
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097 www.your.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\SZYAG.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\SZYAG.DLL
O4 - HKLM\..\Run: [jymoxmyk] C:\WINDOWS\SYSTEM\pmieibve.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\IDEMLOG.EXE
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL (file missing)
O9 - Extra button: Juno - {5774379D-0C43-43C4-80C9-B8A017EDADF8} - juno.exe (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL (file missing) (HKCU)
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
5. Now reboot your system into Safe Mode. This step is very important!
6. Delete the following files (you may need to use KillBox):
C:\WINDOWS\SYSTEM\msblank.html
C:\WINDOWS\CERES.DLL
C:\WINDOWS\SYSTEM\SZYAG.DLL
C:\WINDOWS\SYSTEM\pmieibve.exe
C:\WINDOWS\SYSTEM\IDEMLOG.EXE
C:\WINDOWS\ex.htm
7. After you get done, restart your computer, run another HijackThis scan and post a fresh log here. |
|
Tue Jan 10, 2006 1:14 pm
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Recommended software:
Spyware Doctor
 (91/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
SUPERAntiSpyware
 (89/100)
SUPERAntiSpyware is a powerful, highly effective spyware remover introducing advanced parasite detection and removal features along with reliable real-time protection. The program is not...
CounterSpy
 (85/100)
CounterSpy is a powerful spyware remover based on revolutionary hybrid engine, which incorporates traditional anti-spyware and advanced antivirus engines. Such combination allows CounterSpy...
Malwarebytes Anti Malware
 (75/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
Windows Defender
(75/100)
Windows Defender is a free anti-spyware program made by the leading software company to add native spyware protection to its most popular product - the Microsoft Windows operating...
Encyclopedia of parasites:
|
