| Thread ID: 57957 | 2005-05-17 09:05:00 | how to stop popupz and spyware - Kumaguy's log | kumaraguy (4464) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 355958 | 2005-05-17 09:05:00 | Hi, I am also having a problem with the gremlins on a computer. Just scanned with HijackThis. After removing several hundred greeblies with adaware, spybot and MS Antispyware I get an internet connection for approx. 2 mins, then page not found errors. Used the Winsockxp fix to no avail.

Logfile of HijackThis v1.99.1
Scan saved at 7:44:02 p.m., on 17/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\xpjava.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\GSP\GSPMENU.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Highjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtr.co.nz
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Search - .mywebsearch.com/menusearch.html?p=ZRzfw003 (bar.mywebsearch.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Dang, these things are big. I can see some obvious errors in there but would appreciate your input and advice. Thank you |
kumaraguy (4464) | ||
| 355959 | 2005-05-17 09:18:00 | kumaraguy - I have split this post out from the other thread as you really should have started a new thread. It would have only detracted from the help lmv4 was getting in that thread and could have gotten confusing as to what advice was being given to which person. :) PS* Sorry for spelling your name wrong in the subject heading. |
Jen (38) | ||
| 355960 | 2005-05-17 09:22:00 | Humble apologies. Thanks. |
kumaraguy (4464) | ||
| 355961 | 2005-05-17 09:26:00 | Well, it looks like you still have some spyware in there. I could see mywebsearch listed. | Overdrive_5000 (4950) | ||
| 355962 | 2005-05-17 10:15:00 | looks like you have a worm. www.sophos.com C:\WINDOWS\system32\xpjava.exe F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe |
tweak'e (69) | ||
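The check tweak'e's reply performs by eye, written out as an added example that is not part of the original thread: it flags any program chained onto the `UserInit` value after `userinit.exe`, and any `Run`/`RunServices` entry given without a directory. The sample lines are copied from the log in the first post; the bare-name rule is a heuristic assumed for this example and only marks entries to verify, it is not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the first post (spacing repaired).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def program_of(command):
    """Return the program part of a Run command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def triage(log_text):
    """Return (kind, location, program) tuples for entries worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = F2_USERINIT.match(line)
        if m:
            # Userinit normally launches only userinit.exe; any other program
            # chained after a comma runs at every logon.
            # Basename check only: a fake userinit.exe elsewhere is not caught.
            for item in (p.strip() for p in m.group(1).split(",")):
                if item and ntpath.basename(item).lower() != "userinit.exe":
                    findings.append(("userinit-extra", "system.ini UserInit", item))
            continue
        m = O4_RUN.match(line)
        if m:
            hive, key, name, command = m.groups()
            program = program_of(command)
            # Heuristic (assumption of this example): no directory means the
            # file is found via the search path, so locate and verify it.
            if "\\" not in program:
                findings.append(("run-bare-name", f"{hive} {key} [{name}]", program))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```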
| 355963 | 2005-05-17 10:19:00 | OK, these are some things you will need to do: update your virus scanner; update Windows; get a firewall (ZoneAlarm); update Spybot (there is a new version out too); update Ad-Aware; then run them and these should clean them all out. Install Firefox. By the looks of things you have a few viruses (DONK.B or DONK.C or DONK.L or DONK.M or DONK.O and also OBSORB VIRUS)... so update NAV too. Running process (id53.exe) is a virus/trojan. [edit] This (www.hijackthis.de) is your log explained better (valid for 3 days). |
Prescott (11) | ||
| 355964 | 2005-05-17 10:32:00 | Thanks guys. Updating is a little hard to do as it won't stay connected long enough. However, we are getting there slowly. |
kumaraguy (4464) | ||
| 355965 | 2005-05-17 10:45:00 | Do yourself and everyone else a favour and disconnect your PC from the net. You will only be infecting someone else and highly likely you will get reinfected. Download the tools/updates from another (clean) PC. |
tweak'e (69) | ||
| 355966 | 2005-05-17 10:48:00 | OK, been deleting things one at a time. Got to id53.exe and now seem to have a stable internet connection. Doing all the updates I can now. Good work guys, you have been a big help. I hopefully can cut back on the Panadol consumption. Quote: "download the tools/updates from another (clean) pc." That's what I did to get to this stage. Thanks again. |
kumaraguy (4464) | ||
| 355967 | 2005-05-17 12:47:00 | Hi. Now we seem to have a couple of stubborn gremlins picked up by Spybot that Spybot can't remove (tried it in safe mode as well): DyFuCa.InternetOptimiser, ISearchTech.SideFind, n-Case. Googled, and it seems they can only be removed manually from the registry, not a place I want to go right now. Anybody got an idea? |
kumaraguy (4464) | ||