Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances

honky dong Junior Member
Joined: 06 Jul 2004 Last Visit: 07 Aug 2007 Posts: 28 Location: Scotland, UK
Posted: Sat Aug 28, 2004 6:20 am Post subject: Spyware Problems Part III

Despite using Spy Sweeper, Norton AntiVirus and Agnitum Outpost, I still continue to be plagued by malware etc. If anyone could give advice to get rid of this permanently I'd be most grateful, as this problem has been constantly recurring. I'd also appreciate any tips given to spot the unnecessary and spyware registry keys when running a hijack log.
Logfile of HijackThis v1.98.0
Scan saved at 15:12:49, on 28/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Installs\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uefa.com/Competitions/UCL/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
Thanks
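
A small parser for the log format posted above, as an added example that is not part of the original thread and not HijackThis code. It groups entries by section code so each category can be reviewed in turn, and lists two things to check by hand: Run values with no full path, and the hosts the ActiveX controls came from. Function names are illustrative; the sample lines are copied from the log in the post above.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Section codes that occur in this log, per HijackThis conventions.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page or related setting",
    "F2": "autoload from .ini value mapped to the registry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools item", "O16": "ActiveX (Downloaded Program Files)",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.+?)\] (.+)$")

# Lines copied from the posted log (not the full log).
SAMPLE = r"""Logfile of HijackThis v1.98.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uefa.com/Competitions/UCL/index.html
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
"""

def parse(log_text):
    """Group entry lines by section code; header and process lines are ignored."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries

def run_entries_without_path(entries):
    """Names of O4 Run values whose command has no drive-qualified path."""
    hits = (RUN.match(d) for d in entries.get("O4", []))
    return [m.group(1) for m in hits if m and not re.match(r'"?[A-Za-z]:\\', m.group(2))]

def dpf_hosts(entries):
    """Distinct hosts that O16 ActiveX controls were downloaded from."""
    urls = (d.rsplit(" - ", 1)[-1] for d in entries.get("O16", []))
    return sorted({urlparse(u).hostname for u in urls})

if __name__ == "__main__":
    log = parse(SAMPLE)
    for code, items in log.items():
        print(f"{code} ({SECTIONS.get(code, 'unknown')}): {len(items)}")
    print("Run values to locate on disk:", run_entries_without_path(log))
    print("ActiveX source hosts:", dpf_hosts(log))
```

A Run value listed here is not a verdict: it only means the log does not say where the file lives, so the reviewer has to match it against the running-process list or find it on disk.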

TeMerc Warrior Obsessed
Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Sat Aug 28, 2004 2:18 pm Post subject:

Well, I see no malware or anything unusual in your log, what symptoms are you experiencing?
Your version of HiJackThis is outdated. Please click the 'Config' button on HJT, then click the 'Misc. Tools' button and click the 'Check for Updates Online' button for the newest version of HJT, v 1.98.2
Should that fail to work, delete the old version completely, then try one of these links:
http://aumha.org/downloads/hijackthis.zip
http://aumha.org/downloads/hijackthis.exe
As good as Spy Sweeper is, it's not enough for good protection.
To fully secure your PC, this is what I recommend:
Please follow the links below to ensure the highest possible level of protection against any further invasions. The links and the apps are some of the most highly regarded apps in the field of security/protection & detection. Run AdAware & Spybot at least once a week, depending on your surfing habits.
Spybot Search & Destroy v 1.3
Ad-Aware
With AdAware and Spybot: DL, check for updates, then scan, repair/remove/quarantine anything found. Reboot before next scan with whichever app is next.
Spyware Blaster & Spyware Guard
Both of these apps prevent installation of nasties and are proactive.
With Spyware Blaster and Spyware Guard, just DL, check for updates, enable protection, and you're done!
I would also add: IESPY ADS, MVPS Hosts and WinPatrol.
Then, follow these IE Tweaks.
Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps
Keep track of updates for ALL your security needs here:
Calendar of Updates
If you're interested in becoming a HiJackThis analyst, I suggest you start at one of these two training centers:
Here is the link for Tom Coyote Classroom
Spyware Info Boot Camp
_________________
Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog

honky dong Junior Member
Joined: 06 Jul 2004 Last Visit: 07 Aug 2007 Posts: 28 Location: Scotland, UK
Posted: Wed Sep 01, 2004 12:14 am Post subject:

TeMerc wrote:
Well, I see no malware or anything unusual in your log, what symptoms are you experiencing?

When watching DivX on the administrator setting/login it jumps and stalls continuously, and my computer doesn't run fast or well at times (even though I have all Nemo Ultimate DivX codec). As you can imagine, this is very frustrating and has dampened my whole media experience.
I also experience difficulty in trying to play MP3s from my DVD-ROM. When trying to enjoy this facility, my Winamp software doesn't respond and the only resolution is to remove the DVD-ROM.
And with regards to the DivX, it doesn't seem to have any problems when being used on a non-administrator user account !!!???!!!
I've used many methods to rectify this but to no avail!!! uninstall etc.
Any suggestions to what is causing all this madness to my windows system????
All responses much appreciated

MysteryFCM Malware Expert
Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
Posted: Wed Sep 01, 2004 8:07 am Post subject:

honky dong wrote:
Any suggestions to what is causing all this madness to my windows system????

Do these problems occur when using Media Player (or any other player for that matter) as well, or just with WinAmp?
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

honky dong Junior Member
Joined: 06 Jul 2004 Last Visit: 07 Aug 2007 Posts: 28 Location: Scotland, UK
Posted: Wed Sep 01, 2004 9:00 am Post subject:

MysteryFCM wrote:
honky dong wrote:
Any suggestions to what is causing all this madness to my windows system????
Do these problems occur when using Media Player (or any other player for that matter) as well, or just with WinAmp?

I only use WMV files on Media Player and this too suffers from similar problems, as does Winamp and DivX.
I also every now and again (when using IE) get a message window display from Norton saying that it has detected a virus that cannot be removed. I think it's a DLL file called bloodhound or something. However, my media problems existed way before said virus was detected. It's very puzzling and frustrating.