kobbo Posted August 9, 2005 Share Posted August 9, 2005 Ok, over the last 2-3 days my computer has been, how can i put it. COMPLETELY STUFFED UP! I need seriouse help here people, for some reason today i got soem spyware. Ive scanned with AdAware and SpywareSearch&Destroy. They havent detected it. The 'spyware' has disabled my windows security settings and it keeps sending massive ammount of email scans to me. Here is a screenshot of one of the ANNYOING thigns that goes on on this 'great' hunk of 'goodness'. >>> <<< Urgent help !!! -aj ;D Link to comment Share on other sites More sharing options...
Mercifull Posted August 9, 2005 Share Posted August 9, 2005 Post a HijackThis log urgently plz. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
kobbo Posted August 9, 2005 Author Share Posted August 9, 2005 ogfile of HijackThis v1.99.1 Scan saved at 9:33:09 PM, on 8/9/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] C:\Program Files\Media Gateway\MediaGateway[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr[Caution: ExecutableFile] C:\Documents and Settings\Owner\My Documents\hjthis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet R3 - Default URLSearchHook is missing O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file) O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway[Caution: ExecutableFile] O4 - HKLM\..\Run: [pccguide[Caution: ExecutableFile]] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide[Caution: ExecutableFile]" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: ExecutableFile] O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile] O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv[Caution: ExecutableFile] O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw[Caution: ExecutableFile] O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy[Caution: ExecutableFile] ^ that better not contain ym passes LOL ;D Link to comment Share on other sites More sharing options...
Mercifull Posted August 9, 2005 Share Posted August 9, 2005 Well you have an infection because you have neglected to keep your windows up to date. The current version of Internet Explorer is 6.00.2800.1106 on Windows XP Service Pack 2. You are running XP Standard on IE 6.00.2600.0000 Its likely that maybe your computer is being exploited to send spam Press Ctrl + Alt + Delete and end the following process. C:\Program Files\Media Gateway\MediaGateway[Caution: ExecutableFile] Then tick the box next to the following items and "fix" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1 R3 - Default URLSearchHook is missing O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file) [related to bpk perfect keylogger commonly used by runescape "hackers"] O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway[Caution: ExecutableFile] O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c18.cab Fix those, restart and post a fresh log. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
kobbo Posted August 10, 2005 Author Share Posted August 10, 2005 Fresh LOG Logfile of HijackThis v1.99.1 Scan saved at 4:15:28 PM, on 8/10/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] C:\WINDOWS\System32\msiexec[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr[Caution: ExecutableFile] C:\Documents and Settings\Owner\My Documents\hjthis\HijackThis[Caution: ExecutableFile] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: ExecutableFile] O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile] O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] - aj HELP! ;D Link to comment Share on other sites More sharing options...
Mercifull Posted August 10, 2005 Share Posted August 10, 2005 Log looks ok but you still havn't updated windows Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
kobbo Posted August 10, 2005 Author Share Posted August 10, 2005 Ah ok, man my net is REALLY bothering me, i hate it, its meant to be fast bud GEEEZ its annoyin@!!! Hopefully it will be better soon :P ;D Link to comment Share on other sites More sharing options...
kobbo Posted August 10, 2005 Author Share Posted August 10, 2005 Hey mercifull, i did what you asked and downloaded windows updates bla bla ect ect. Yet my net is still slow as! What ?!? The?!? Hell?!? Oh and my computer took 10 misn to load startup items (STILL) and it only has 4 :shock: HJACKTHIS LOG (help me) updated log Logfile of HijackThis v1.99.1 Scan saved at 8:43:24 PM, on 8/10/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr[Caution: ExecutableFile] C:\Documents and Settings\Owner\My Documents\hjthis\HijackThis[Caution: ExecutableFile] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: ExecutableFile] O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile] O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile] Help me of Mercifull one! ;D Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now