1
   

Several Problems. Please help.

Forums: Computers
Email this Topic Print this Page
 
 
IcyGarnet
 
Reply Mon 28 Jun, 2004 07:06 pm
Hello, I am having several problems with spywear and adwear on my computer, that just doesn't seem to want to go away! I am also having a problem with my Internet Explorer changing my URL to auto:blank.

I also recently has an incident with a virus that actually came from my free edition of AVG, and I am not sure if it is still on my computer! I thought I would ask the experts, and hopefully get some answers! Any suggestions of programs such as free virus protection, would be deeply apreciated!

Here is my HijackThis Log.

Logfile of HijackThis v1.97.7
Scan saved at 9:06:17 AM, on 10/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Kirby\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9DF7EC42-F5F0-4AFC-8320-4543958A7532} - C:\WINDOWS\System32\lmecbln.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Kirby\Disk_Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

Thanks!
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 588 • Replies: 4
No top replies

 
cheekynzgirl
 
  1  
Reply Tue 29 Jun, 2004 04:40 am
Might b able to help u
Hi there, I'm no expert but try downloading a program called ad-aware, its really quite good, also press ctrl+alt+delete and end the process called C:\Program Files\Crazy Browser\Crazy Browser.exe that might be changing your browser the default url, unless it is your own browser that you choose to use instead of Internet Explorer.
If you didnt put the program Crazy browser on ur comp the remover it from startup, start -- Run-- type msconfig in the box, click the startup tab and uncheck any boxes of programs that you thing shouldnt be starting upon start up, then apply. You will then have to restart and if you are running XP a window will appear upon startup, just follow the instructions.
See how this all goes, hopefully it works out for you
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 29 Jun, 2004 09:44 am
Re: Several Problems. Please help.
IcyGarnet wrote:
C:\Program Files\Crazy Browser\Crazy Browser.exe


I'd get rid of this program.

Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kirby\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9DF7EC42-F5F0-4AFC-8320-4543958A7532} - C:\WINDOWS\System32\lmecbln.dll


Fix these.


Quote:
O4 - HKLM\..\Run: [C-Media Speaker Configuration] D:\Sound\C-Media\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup


I'd at least fix these as that will stop them from running on startup. They look suspicious so I'd slso look into them and maybe remove them entirely.


Quote:
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Kirby\Disk_Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe


All look unecessary, some look bad.


Quote:
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook


Get rid of these.

Quote:
O4 - Startup: Reboot.exe


And this..
0 Replies
 
IcyGarnet
 
  1  
Reply Tue 29 Jun, 2004 01:35 pm
Great! Thanks for the help, everything seems to be running well up to this point. I was also wondering if you know any good anti-virus programs? I don't quite trust the free AVG scanner anymore.

- Thanks!
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 29 Jun, 2004 01:44 pm
I actually recommend against everything but Norton AV.

But McAffee and others are pretty good as well, I just think Norton is a wee bit better.

Thing is, you were not infected with a virus, you were infected by spyware.

Most AV programs will not protect against spyware because spyware is actually wanted by some depending on the definition of the term.

Some people consider the Google Toolbar to be spyware for example.

So there's no clear line and AV programs do not protect.

Some programs claim to protect against psyware but I have yet to see or hear of a single one that works well at all.

So your best bet is to tighten your computer security and to avoid downloading free programs.

The main item to fix in your security is to prompt for active x installs. If they are allowed instead of prompting you, merely visiting some sites can install their crap on your computer.

BTW, you should reboot your computer to check if any of the spyware comes back on startup (would mean we missed something).
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Several Problems. Please help.
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 05/04/2025 at 10:54:15