Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Spyware Problems Part III

 
honky dong
Junior Member


Joined: 06 Jul 2004
Last Visit: 07 Aug 2007
Posts: 28
Location: Scotland, UK

Posted: Sat Aug 28, 2004 6:20 am    Post subject: Spyware Problems Part III

Despite using Spy Sweeper, Norton AntiVirus and Agnitum Outpost, I still continue to be plagued by malware etc. If anyone could give advice to get rid of this permanently I'd be most grateful, as this problem has been constantly recurring. I'd also appreciate any tips given to spot the unnecessary and spyware registry keys when running a hijack log.

Logfile of HijackThis v1.98.0
Scan saved at 15:12:49, on 28/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Installs\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uefa.com/Competitions/UCL/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

Thanks
TeMerc
Warrior Obsessed


Joined: 12 Feb 2004
Last Visit: 23 Jan 2014
Posts: 4953
Location: Phx. AZ.

Posted: Sat Aug 28, 2004 2:18 pm

Well, I see no malware or anything unusual in your log. What symptoms are you experiencing?

Your version of HiJackThis is outdated. Please click the 'Config' button on HJT, then click the 'Misc. Tools' button and click the 'Check for Updates Online' button for the newest version of HJT, v 1.98.2.
Should that fail to work, delete the old version completely, then try one of these links:
http://aumha.org/downloads/hijackthis.zip
http://aumha.org/downloads/hijackthis.exe


As good as SpySweeper is, it's not enough for good protection.

To fully secure your pc, this is what I recommend:

Please follow the links below to ensure the highest possible level of protection against any further invasions. The links and the apps are some of the most highly regarded apps in the field of security/protection & detection. Run AdAware & Spybot at least once a week, depending on your surfing habits.
Spybot Search & Destroy v 1.3
Ad-Aware

With AdAware and Spybot: DL, check for updates, then scan, repair/remove/quarantine anything found. Reboot before next scan with whichever app is next.

Spyware Blaster & Spyware Guard
Both of these apps prevent installation of nasties and are proactive.
With Spyware Blaster and Spyware Guard, just DL, check for updates, enable protection, and you're done!

I would also add: IESPY ADS, MVPS Hosts and WinPatrol.
Then, follow these IE Tweaks.

Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

Keep track of updates for ALL your security needs here:
Calendar of Updates

If you're interested in becoming a HiJackThis analyst, I suggest you start at one of these two training centers:
Here is the link for Tom Coyote Classroom

Spyware Info Boot Camp
_________________

Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog
honky dong
Posted: Wed Sep 01, 2004 12:14 am

TeMerc wrote:
Well, I see no malware or anything unusual in your log. What symptoms are you experiencing?


When watching DivX on the administrator setting/log in, it jumps and stalls continuously and my computer doesn't run fast or well at times (even though I have all Nemo Ultimate DivX codec). As you can imagine, this is very frustrating and has dampened my whole media experience.

I also experience difficulty in trying to play MP3s from my DVD-ROM. When trying to enjoy this facility, my Winamp software doesn't respond and the only resolution is to remove the DVD-ROM.

And with regards to the DivX, it doesn't seem to have any problems when being used on a non-administrator user account !!!???!!!

I've used many methods to rectify this but to no avail!!! Uninstall etc.

Any suggestions to what is causing all this madness to my windows system????

All responses much appreciated
TeMerc
Posted: Wed Sep 01, 2004 7:18 am

Well, sorry, but I have zero experience with these sorts of tech-related items. I'll move this thread over to the proper forum.
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 21 Mar 2014
Posts: 849
Location: Tyne & Wear, UK

Posted: Wed Sep 01, 2004 8:07 am

honky dong wrote:
Any suggestions to what is causing all this madness to my windows system????


Do these problems occur when using Media Player (or any other player for that matter) as well, or just with WinAmp?
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
honky dong
Posted: Wed Sep 01, 2004 9:00 am

MysteryFCM wrote:
honky dong wrote:
Any suggestions to what is causing all this madness to my windows system????


Do these problems occur when using Media Player (or any other player for that matter) as well, or just with WinAmp?


I only use WMV files on Media Player, and this too suffers from similar problems, as do Winamp and DivX.

I also every now and again (when using IE) get a message window displayed from Norton saying that it has detected a virus that cannot be removed. I think it's a DLL file called bloodhound or something. However, my media problems existed way before said virus was detected. It's very puzzling and frustrating.
All times are GMT - 8 Hours