Levels-4-You : Lounge : hijack this.

SkipRat    Posted 27th Nov 2005 6:23pm
Post 1082 / 3024
Hey geeks

I don't have trouble with spyware and everything but my sister does.

I went and cleaned it up using AV and adaware programs.

But she is still getting random popups even when she isn't browsing the internet.

I checked all running processes in the task manager and it looked fine.

I've done a scan with Hijack This... I myself am not too good at seeing what's wrong in one of these.

Here's the log file:

Logfile of HijackThis v1.99.1
Scan saved at 18:05:22, on 27/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WService.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\1.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Windows Login] svhost.exe
O4 - HKLM\..\RunServices: [Windows Login] svhost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124804730718
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCBE888E-6863-48E8-8CA9-21DD8751816F}: NameServer = 158.152.1.43 158.152.1.58
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\fplq0335e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe (file missing)
Meh...    
Lace    Posted 27th Nov 2005 7:15pm
Post 535 / 1216
Disable the Windows Messenger if it isn't already.
A common mistake people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.    
Tech_N9ne   Posted 27th Nov 2005 7:35pm
L4Y Member
Post 82 / 163

Well I can tell you right off the bat, the following need to go:
Quote
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

See that bold in the last entry...I got the "HomeSearchAssistant" worm/virus and I can tell ya it's no good...lol...those entries can go...

Quoting Lace:
Quote
Disable the Windows Messenger if it isn't already.

Good advice, but by the looks of it...
Quote
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

it looks like there might be a problem there...but I'm not 100% sure

Lastly...
Quote
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

You did the Trend Micro Virus Scan and it left some stuff on your PC, but it's okay, in fact leave it here.

Those are just a few things that caught my attention as I skimmed through it.

*Aw poo, I screwed up my quotes and I'm too damn lazy to fix it
... War of the masses, the outcome, disastrous,
Many of the victim family save they ashes ...
 
 Modified Nov 27th, 07:38pm by Tech_N9ne
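Since the thread is about picking the bad entries out of a HijackThis log by eye, here is an added example (written for this page, not code from the thread or from HijackThis) of a small Python triage pass over lines in the HijackThis v1.99.1 format: it reports R0/R1 search settings whose host is outside an assumed allowlist, and O4 Run entries whose executable name is one character away from a core Windows process name. The sample lines, the allowlist and the core-process list are constructed assumptions for the example.

```python
import re
from urllib.parse import urlparse
# Constructed sample in HijackThis v1.99.1 format, modelled on entries discussed in
# this thread (R0/R1 search hijack, O4 Run lines); not a real machine's log.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [Windows Login] svhost.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""
# Assumed allowlist of search hosts treated as normal; any other host is reported.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "search.msn.com", "www.microsoft.com"}
# Core Windows process names that unwanted software imitates with a one-character change.
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                  "winlogon.exe", "services.exe", "explorer.exe"}
ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
O4_RE = re.compile(r"^\S+: \[(.*?)\] (.*)$")

def edit_distance(a, b):
    # Plain Levenshtein distance; distance 1 from a core name means "lookalike".
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_name(command):
    # Basename of the executable in an O4 command, tolerating quotes and arguments.
    first = command.split('"')[1] if command.startswith('"') else command.split()[0]
    return first.rsplit("\\", 1)[-1].lower()

def triage(log_text):
    # Returns (section, reason) pairs for entries a reviewer should look at.
    findings = []
    for m in filter(None, map(ENTRY_RE.match, log_text.splitlines())):
        section, body = m.groups()
        if section in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append((section, f"search setting points at {host}"))
        elif section == "O4" and (o4 := O4_RE.match(body)):
            name, command = o4.groups()
            exe = exe_name(command)
            near = sorted(p for p in CORE_PROCESSES if exe != p and edit_distance(exe, p) == 1)
            if near:
                findings.append((section, f"[{name}] runs {exe}, a lookalike of {near[0]}"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the three flagged entries; on a full log the Symantec, Messenger and Java lines pass through untouched because they match neither check.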
SkipRat    Posted 27th Nov 2005 8:09pm
Post 1083 / 3024
heh cheers. I noticed the search bar crap, and the msn. But what's causing all the pop ups?

Tried to remove as much as I could but she's still getting them.....

I'm not even sure how she's got all this stuff on there. Adaware found like 80 things. Norton's found around 8 spyware items.

And I myself removed a few things it didn't take off/detect.

Heh just to be CENSORED .. here's one from my home pc.... just to prove I'm not a small 12 year old kid with spyware (like my sister )
Logfile of HijackThis v1.99.1
Scan saved at 20:07:31, on 27/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SkipRat\Desktop\HijackThis.exe

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Meh...    Modified Nov 27th, 08:11pm by SkipRat



Copyright © 2000-2025 Levels-4-You