Spyware on my PC please help!

Discussion in 'Security' started by tiagorules87, Dec 1, 2009.

  1. tiagorules87

    tiagorules87

    Hi there, I am very new to this forum, so the situation is that I have run Spybot on my PC and it has found a worm which I can't get rid of. I was wondering if you guys can help me. The name of the worm is CoolWWWSearch.OleHelp. This worm is highly annoying and it redirects a certain URL link to somewhere else.

    Here is my HijackThis log file, which you guys can have a look at:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:51, on 01/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mediafour\XPlay 3\XPlay.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Users\Rules\Downloads\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-
     
    tiagorules87, Dec 1, 2009
    #1

  2. tiagorules87

    WAW8

    The best recourse for you at present is to run an antivirus (AV) app outside of Vista so that anything the worm has done to prevent that will not have any effect.

    You should Google for Avira Rescue CD, download the ISO file, and burn that to CD.

    Once you have that, boot into it and use it to clean your machine.
     
    WAW8, Dec 1, 2009
    #2