| Thread ID: 68244 | 2006-04-22 07:32:00 | Possible spyware??? | The_End_Of_Reality (334) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 448457 | 2006-04-22 11:02:00 | Sweet, thanks. Gee, this is getting a big list of things I have to do... :rolleyes: Oh well, it's all good... ;) Another PC cleared and prevented of Spyware, Adware, and Malware is another hit for the good guys :thumbs: | The_End_Of_Reality (334) | ||
| 448458 | 2006-04-22 11:41:00 | Don't forget to post a new HJT log when all the cleanup is done. | Pancake (6359) | ||
| 448459 | 2006-04-22 11:58:00 | Don't worry, I won't ;) I just have to find some time to do this :waughh: LOL there is even a corner on my screen of stuff to install and run and what not on her PC... (everything you guys have said :thumbs:) | The_End_Of_Reality (334) | ||
| 448460 | 2006-04-28 08:44:00 | Well... I found 4 hours today and this is the order I ran and how much they came up with... spybot S&D 186 objects, Adaware SE Personal 362 objects, Ewido 596 objects, AVG 25 viruses :horrified :horrified :horrified and not to mention :horrified :horrified I was not able to do a HJT but I will get my friend to do it and E-Mail it to me and I will post it in the near future. Do I get the feeling a format and reinstall would have been better and faster??? | The_End_Of_Reality (334) | ||
| 448461 | 2006-04-28 08:53:00 | Do I get the feeling a format and reinstall would have been better and faster??? Possible | stu161204 (123) | ||
| 448462 | 2006-04-28 09:13:00 | Post a new HJT log so we can see what's what. | Pancake (6359) | ||
| 448463 | 2006-04-28 09:15:00 | Post a new HJT log so we can see what's what. I didn't have time to do it today, but I am going to get my friend to and E-Mail it to me :thumbs: | The_End_Of_Reality (334) | ||
| 448464 | 2006-04-28 09:57:00 | There, got the log file... Logfile of HijackThis v1.99.1 Scan saved at 8:45:51 p.m., on 28/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\htpatch.exe C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\System32\khooker.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe C:\DOCUME~1\PHILTO~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\DOCUME~1\PHILTO~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Xujsm] C:\Program Files\Jefeb\Vbfrg.exe O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/ O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D13E34-00E5-47BA-820A-4F659D2A97D1}: NameServer = 203.96.152.4 203.96.152.12 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe How does that look? My friend says there is a HUGE increase in speed :D | The_End_Of_Reality (334) | ||
| 448465 | 2006-04-28 22:31:00 | Looks a lot better. Boot into safe mode. Run HJT again, tick these entries and tick fix checked. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe Update this (www.java.com/en/download/manual.jsp) I don't know what this belongs to O4 - HKLM\..\Run: [Xujsm] C:\Program Files\Jefeb\Vbfrg.exe _ O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe - Does your mate know what this is? O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r - This looks like it belongs to adware. O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe _ this doesn't look nice, whatever it is. | Speedy Gonzales (78) | ||
| 448466 | 2006-04-28 23:56:00 | Ok... I have done some googling and found that 'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup' is for nVidia cards and is NOT to be removed according to Newbie Forums (www.newbie.org) (5th post from the bottom) and this 'O4 - HKLM\..\Run: [nwiz] nwiz.exe /install' is part of the nVidia nview wizard; what does the install part mean? I have DLed the update for 'O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe' 'O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe' Google says this is spyware, so I will remove it... ok, I will remove 'O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r' She wants MSN to load with windows so, leave this? 'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background' 'O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe' and I will remove this. | The_End_Of_Reality (334) | ||
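As an added illustration (not code from this thread or from HijackThis itself), here is a small Python triage script that parses O4 autostart lines in the layout the log above uses, sorts them into entries launched from an assumed allowlist of recognised install directories versus entries that need the kind of human look the replies give them, and separately lists O9/O18 hooks marked (file missing). The sample log and the KNOWN_DIRS allowlist are constructed from entries posted in this thread.

```python
import re

# Constructed sample in the layout HijackThis v1.99 prints; the entries are copied
# from the log posted in this thread so the result can be checked against the replies.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Xujsm] C:\Program Files\Jefeb\Vbfrg.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
"""

# Assumed allowlist of install directories the reviewer already recognises (lowercase
# prefixes). A match is a triage shortcut, not proof: everything else gets a human look.
KNOWN_DIRS = (r"c:\windows\system32", r"c:\progra~1\grisoft",
              r"c:\program files\java", r"c:\program files\msn messenger")

RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[([^\]]+)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?) = (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl)', re.IGNORECASE)
MISSING_RE = re.compile(r"^O(?:9|18) - [^:]+: ([^-]+?) - \{[^}]+\} - .*\(file missing\)$")

def parse_o4(line):
    """Return (source, name, image path or None) for an O4 line, else None."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    source, name, cmd = (m.groups() if m.re is RUN_RE else ("startup",) + m.groups())
    paths = PATH_RE.findall(cmd)
    # For rundll32 launchers the last path is the module that actually gets loaded.
    return source, name, (paths[-1] if paths else None)

def triage(log_text):
    """Sort O4 autostarts into known/review and list O9/O18 hooks whose file is gone."""
    report = {"known": [], "review": [], "stale": []}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            source, name, path = entry
            p = (path or "").lower()
            bucket = "known" if any(p.startswith(d + "\\") for d in KNOWN_DIRS) else "review"
            report[bucket].append({"source": source, "name": name, "path": path})
        elif MISSING_RE.match(line):
            report["stale"].append(MISSING_RE.match(line).group(1).strip())
    return report
```

Entries that land in `review` are exactly the ones the thread stops to ask about; a path under a known directory only skips the question, it does not answer it.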