Press F1 | Thread 68214 | Spyware help please - HJT log included | started 2006-04-21 07:46:00 by southern_jas (4017)
Post 448196 | 2006-04-21 07:46:00 | southern_jas (4017)

Hi, could someone please take a look through this log and tell me what I need to close down.

Logfile of HijackThis v1.99.1
Scan saved at 6:42:54 p.m., on 21/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\atiptaxx.exe
C:\WINDOWS\system32\G-VGA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Post 448197 | 2006-04-21 08:02:00 | Speedy Gonzales (78)

Boot into safe mode, run HijackThis again, tick these entries and tick Fix checked.

C:\WINDOWS\wupdmgr.exe - This is a trojan. Delete this file in safe mode. Make sure you delete this file in the Windows folder. DON'T delete the wupdmgr.exe file in the system32 folder.

See if these entries are in the registry (www.sophos.com). If they are, delete them. Under the recovery tab.

F3 - REG:win.ini: run=

These don't have to start on boot-up:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

I would also update Firefox to 1.5.0.2, if this version isn't installed, at the mo.
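The reply above flags wupdmgr.exe because a file with the name of a Windows component is running from C:\WINDOWS instead of its usual home in C:\WINDOWS\system32. The following Python script is an added example, not code from the thread or from HijackThis, that applies the same check to an HJT log: it parses the "Running processes" list and the O4 startup entries, flags a binary whose name matches a known Windows file but whose directory differs from the expected one, and also lists every .exe launched straight from the Windows root, which is an unusual location for installed software. The expected-location table (wupdmgr.exe belongs in system32, as the reply states) and the short allowlist of binaries that legitimately sit in C:\WINDOWS are assumptions made for the example; the sample log is an excerpt constructed from the one posted above.

```python
r"""Triage helper for a HijackThis log (added example for this thread; not the
poster's or the HijackThis project's code).

Two heuristics: (1) a file named like a known Windows binary but running from
a different directory, e.g. wupdmgr.exe in C:\WINDOWS rather than
C:\WINDOWS\system32; (2) any .exe launched from the Windows root itself.
EXPECTED_DIR and ALLOWED_IN_ROOT are assumptions for the example, not a
complete reference of legitimate file locations.
"""
import re
from typing import Dict, List, Tuple

# Assumption drawn from the reply above: the genuine wupdmgr.exe lives in system32.
EXPECTED_DIR: Dict[str, str] = {
    "wupdmgr.exe": r"c:\windows\system32",
}

# Assumption: a few binaries that legitimately live in the Windows root on XP.
ALLOWED_IN_ROOT = {"explorer.exe", "notepad.exe", "regedit.exe"}
WINDOWS_ROOT = r"c:\windows"

# An .exe path, optionally quoted (HJT quotes paths that contain spaces).
EXE_PATH = re.compile(r'"?([a-z]:\\[^"\r\n]*?\.exe)"?', re.IGNORECASE)

# Excerpt constructed from the log posted above; a real log is much longer.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\atiptaxx.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
"""


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, filename) for a Windows path, both lower-cased."""
    directory, _, filename = path.strip().lower().rpartition("\\")
    return directory, filename


def extract_paths(log: str) -> List[str]:
    """Collect .exe paths from the 'Running processes' list and O4 startup entries."""
    paths: List[str] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            if EXE_PATH.fullmatch(line):
                paths.append(line)
                continue
            in_processes = False  # first non-path line (blank or R0) ends the list
        if line.startswith("O4 - "):
            match = EXE_PATH.search(line)
            if match:
                paths.append(match.group(1))
    return paths


def triage(log: str) -> Dict[str, List[str]]:
    """Flag masquerading binaries and executables running from the Windows root."""
    findings: Dict[str, List[str]] = {"masquerade": [], "windows_root": []}
    for path in extract_paths(log):
        directory, name = split_path(path)
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected:
            if path not in findings["masquerade"]:
                findings["masquerade"].append(path)
        if directory == WINDOWS_ROOT and name not in ALLOWED_IN_ROOT:
            if path not in findings["windows_root"]:
                findings["windows_root"].append(path)
    return findings


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for hit in hits:
            print(f"  {hit}")
```

A hit is a reason to check the file (publisher, size and hash against a known-good copy), not proof of infection: atiptaxx.exe lands in the windows_root list purely because of where it runs from, while wupdmgr.exe is flagged by both heuristics, which is the pattern the reply above is pointing at.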
Post 448198 | 2006-04-21 08:06:00 | bartsdadhomer (80)

Remove these with HJT:

C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe

Then run CCleaner, Spybot, Ewido, and download and run the smitrem fix.
Post 448199 | 2006-04-21 08:12:00 | Speedy Gonzales (78)

Smitrem.exe is here (noahdfear.geekstogo.com), which is from here (http://noahdfear.geekstogo.com/). I would also update XP, if you haven't yet.
Post 448200 | 2006-04-21 09:18:00 | MTLance (6768)

Talking about spyware and trojans? lol. I have to laugh at this matter because many people are facing this problem. I use Norton System Works 2006 to secure my computer from spyware, viruses, worms and trojans. :) This software has saved me from viruses and spyware lots of times, so maintaining this software every year at around $110+ for Norton System Works is nothing much. My computer can't live without Norton System Works. Try buying some anti-spyware products to defend yourself from spyware. It automatically detects and removes it.
Post 448201 | 2006-04-21 11:28:00 | Speedy Gonzales (78)

> Talking about spyware and trojans? lol. I have to laugh at this matter because many people are facing this problem. I use Norton System Works 2006 to secure my computer from spyware, viruses, worms and trojans. :) This software has saved me from viruses and spyware lots of times, so maintaining this software every year at around $110+ for Norton System Works is nothing much. My computer can't live without Norton System Works. Try buying some anti-spyware products to defend yourself from spyware. It automatically detects and removes it.

Even commercial AV / firewall programs don't protect you. All you need are programs like Spybot, Adaware, CCleaner, AVG, NOD32, Trend Micro, ZoneAlarm, etc., and some / most of these are free. And are just as good. And smaller. You have to be careful what you use, as some programs say they remove spyware, when in fact they install it. Most programs you buy these days install a lot of files; not only that, they take up quite a bit of RAM and clutter up the HDD.
Post 448202 | 2006-04-22 00:23:00 | FrankS (257)

For future reference, have a look at castlecops.com.
Post 448203 | 2006-04-22 02:13:00 | MTLance (6768)

Oh yeah, you're right. Big companies like Microsoft join the spyware companies to spy on people's activity using computers, like which websites they visit, etc. Symantec has asked Microsoft to stop that, but not much can be done about it. I still think getting Symantec software to protect my computer is much better; also, new things are being added to Norton System Works 2006, like anti-spyware. It usually comes from cookies and peer-to-peer networking software like Kazaa, Overnet, etc.
Post 448204 | 2006-04-22 02:31:00 | Speedy Gonzales (78)

Well, true, P2P programs are one cause of infection, since people don't know what they're downloading (although it may say it's this and that). It doesn't mean it is. And people stupid enough NOT to scan before they run or play files after they've downloaded them through P2P can only blame themselves for getting malware/trojans etc. I wouldn't say Norton's SW is the best. It may do what it says it can do, but it isn't the best. There are cheaper (and free) and smaller programs that do the same thing.
Post 448205 | 2006-04-22 02:32:00 | Greven (91)

Last time I tried out Norton products (2005, I think) the anti-spyware capabilities really sucked. Have they got any better in the latest version?