Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Web & Email Web & Email
Search Search
Search for:
Tech Support Guy > > >

need help to fix or remove


(!)

rmhjr346's Avatar
rmhjr346 rmhjr346 is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2004
Experience: Beginner
04-Jul-2004, 12:52 PM #1
need help to fix or remove
Here is my spybot report.

--- Report generated: 2004-07-04 11:47 ---

Cookie: Cookie (25) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: susan) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: susan) (Cookie, nothing done)


Common Dialogs: History (4 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg 32\OpenSaveMRU

DoubleClick: Tracking cookie (Internet Explorer: susan) (Cookie, nothing done)


Internet Explorer: URL history #1 (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Internet Explorer\TypedURLs

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name !=

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

ValueClick: Tracking cookie (Internet Explorer: susan) (Cookie, nothing done)


Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisite dMRU

Windows Explorer: Run history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: User Assistant history files (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{7504870 0-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1709162666-1316817595-1404449762-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB78 0-7743-11CF-A12B-00AA004AE837}\Count


--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-16 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2003-04-28 Includes\plugin-ignore.ini
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi
her is my email address stifler346@yahoo.com
MY software is WINDOWS XP HOME
inertnet explorer 6.0

Last edited by rmhjr346; 04-Jul-2004 at 01:04 PM.. Reason: to provide info of sotfwrae
etaf's Avatar
etaf   (Wayne) etaf is online now
Computer Specs
Moderator with 52,950 posts.
 
Join Date: Oct 2003
Location: Surrey, UK
04-Jul-2004, 12:56 PM #2
hi, and welcome to TSG

can you provide some details of what your problem is ?
what windows version ?
some specs on PC ?

Most of the secruity gurus here will decode hijackthis logs

HIJACK THIS:
Try not to reboot
Currently the Spyware identified by the security experts and especially the morphing and breeding .exe`s in the new variants of CWS, after every re-boot required by Ad-Aware and Spybot etc, just spawns more and more files for the poster to find and delete. This is making the advice the security experts give just too hard to follow.
One of the security experts recently had one log with over a hundred files, they guy had to format c: drive.

Download and copy hijackthis to its own folder , it makes backups so keeping them separate and available can be useful.

Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

http://www.tomcoyote.org/hjt/
http://209.133.47.200/~merijn/downloads.html
http://www.thespykiller.co.uk/
http://www.sherrylynn.us/privacypolicy

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”.
Click on “Save Log” and then save it to NotePad.
Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
DO NOT FIX ANYTHING wait advice from one of the many security experts in this forum.

I currently do not have the skill/competence to advise and poor advice can be far more damaging to your PC with this software, and so I will nolonger be replying to your post, so please have patience and wait for one of the secruity experts to provide further detailed advice
__________________
Wayne
Please let us know what the final solution was to any problem posted
rmhjr346's Avatar
rmhjr346 rmhjr346 is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2004
Experience: Beginner
04-Jul-2004, 01:07 PM #3
Thank you for your repy
I have edited the post for you. If you need more let me know.
southernlady's Avatar
Computer Specs
Member with 1,922 posts.
 
Join Date: May 2004
Location: TN
04-Jul-2004, 01:45 PM #4
Well, you do have some major problems.

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log is the W32.HLLW.Shower.L and that's the "Zoo Worm" http://securityresponse.symantec.com....shower.l.html

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt is the W32.Paps.A@mm and that's just a worm. http://securityresponse.symantec.com...paps.a@mm.html

But I think you have enough to worry about. I don't know how to fix it so I'll wait til one of the experts comes along to help. Liz
rmhjr346's Avatar
rmhjr346 rmhjr346 is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2004
Experience: Beginner
04-Jul-2004, 10:37 PM #5
Liz thank you for your reply I have Posted my Hjack report. I would like you to see it and what you may help on.
Again thank very much.
etaf's Avatar
etaf   (Wayne) etaf is online now
Computer Specs
Moderator with 52,950 posts.
 
Join Date: Oct 2003
Location: Surrey, UK
05-Jul-2004, 02:42 AM #6
would you run hijackthis and post the log into this thread.
if necessary we can then move to secruity to review -
but i think a log would be helpful - as described above
rmhjr346's Avatar
rmhjr346 rmhjr346 is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2004
Experience: Beginner
05-Jul-2004, 08:01 PM #7
The results fo the Hijak scan
hers what you looking fore. I thank you for the repitted reply,. please see what you can do. I have a copy of my register if you Interrseted.
Logfile of HijackThis v1.98.0
Scan saved at 7:56:03 PM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\csuptfn.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Connectix\Connectix Desktop Designer\WpCycleWin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\susan\Desktop\games\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [sdeb] C:\WINDOWS\sdeb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [kyezrrij] C:\WINDOWS\System32\csuptfn.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [ghsbinkv] C:\WINDOWS\ghsbinkv.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [DDStartup] c:\Program Files\Connectix\Connectix Desktop Designer\DDStartup.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [bwb] C:\WINDOWS\bwb.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WPCycle.exe] c:\Program Files\Connectix\Connectix Desktop Designer\WpCycleWin.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\icq.exe -minimize
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {9037FB20-4B20-487E-AEEE-45478F62EF54} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
cybertech's Avatar
Moderator with 69,377 posts.
 
Join Date: Apr 2002
Location: USA
06-Jul-2004, 06:18 AM #8
Run Spybot again, make sure to check for updates prior to running the scan.

Scan your machine then click on fix problems.

Reboot. Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

Reboot and post another hijackthis log.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑