New Computer

Hi all, I've just built myself a new computer, it's pretty flash and I'm pretty happy with it. My problem is, I keep contracting spyware and stuff in large amounts. I'm running Ad-Aware, avast, Spybot Search and Destroy. It's to the point where if I do an Ad-Aware scan each hour I'm almost guaranteed to have picked up some more. I have no idea what is causing it. I've posted a HijackThis log below, appreciate any help I can get. I have no idea what it is that is attracting so much spyware to my computer, I'm not downloading or anything. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:40:30 PM, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Brendon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gibblets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 CONTROL Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I don't see anything malicious in this log. I am a bit curious about the following entry, though...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gibblets.com/

Are you familiar with this Gibblets site? If not, then this is something we should address.



Do you recall any of the spyware that has been picked up by your scanners? Are you sure they weren't just Tracking Cookies? Next time you perform a scan, perhaps you can post a log of the results. Perhaps it's not as worrisome as you think it is.

Also, do you have a firewall? If not, you should definitely get one. I'd be happy to give you some suggestions.




You may want to look into getting SpywareBlaster and SpywareGuard on this computer. However, don't install these programs until after I see a log from at least one of your malware scanners. Mainly for curiosity's sake.

Also to aid, get Superantispyware.

EDIT: oh my my head is a weird shape now like an egg

Thanks for the replies, yeah gibblets.com is a gaming forum that I frequent so there is no worries there at all.

You were right on the money with the scans as well. They are in fact tracking cookies, the thing that I don't understand (as I don't know a lot about spyware) is how can I be getting 7 - 10 tracking cookies after half an hour of browsing trusted sites?

However, last week I didn't do a scan for the week and when I did one I found over 95 critical objects that were all sorts of stuff. However, at this point I have removed all of those and it seems that only tracking cookies are hitting me at this point.

I don't have a firewall at this point, I've heard good things about Comodo.... any thoughts on this?

I've been doing a bit of reading and wondered, is it better to remove avast, put on AVG and also the AVG antispyware??? If I did this, should I still run Ad-Aware and Spybot Search n Destroy in conjunction with these?

Although you know the sites to be trustworthy, they probably still have ads. And that's where the tracking cookies often come from. And the sites themselves might be downloading them on your computer for whatever purposes. It's really nothing to be worried about. They're just little text files that keep track of a little bit of information. If you use Spyware Blaster, that will block a lot of the cookies from unwanted sites. The majority of the ones that do get on your system will be no cause for concern.

Avast vs. AVG is mainly a matter of preference/opinion. Personally, I greatly prefer AVG and I would suggest switching over to it. But that's up to you. Try it out and see if you like it or not. Either way, I would advise getting the Anti-Spyware. It's very, very useful and has a load of features. And yes, you can still use Ad-Aware and Spybot. Just make sure you don't use them at the same time; let them take turns.

I personally haven't used Comodo, but I also hear good things about it. It's worth looking into and it's certainly better than just using your Windows Firewall (which you'll want to disable when installing a new one). ZoneAlarm tends to be more popular, but some people have bad luck with it slowing down their computers. Just try them (one at a time) and see which suits you best.

These two tutorials will take you through all you need to help keep a stand alone computer safe (the links to all free downloads are given) .....

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


In addition you can download Superantispyware and/or (if you are on Windows 2000 or XP) AVG Anti Spyware. They are both excellent scanners and malware removers but the free versions, after the trial periods, don't have any "real time" protection.

Superantispyware > http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

AVG Anti Spyware > http://www.ewido.net/en/



OJ

Thanks heaps for all your help guys. Taken a load off my mind. I built a fairly expensive rig so I wanted it to all run smoothly. Thanks again.

Definitely understandable. I felt the same way when I first got my current computer, which is what got me interested in malware removal. I'm glad we could help put your mind at ease.

Especially with a "self build" like Blink has ... no support to fall back on!


OJ

That's one con of custom computers but it's well worth it to have one...

Also if you use Firefox you will get fewer tracking cookies and your online browsing will be better.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
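
The read-through of the HijackThis log in the first reply can be scripted for a first pass. This is an added example, not part of the original thread or of HijackThis itself; `triage`, `DEFAULT_HOSTS` and the choice of which hosts count as stock defaults are assumptions. It flags browser page settings that point away from those defaults and entries marked "(no file)" or "(file missing)", and cross-checks the latter against the running-process list.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread (trimmed, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gibblets.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O23 - Service: ..."
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: hosts the reviewer accepts as stock browser defaults.
DEFAULT_HOSTS = {"go.microsoft.com"}

def triage(log_text, default_hosts=DEFAULT_HOSTS):
    """Return (section, reason, body) for entries worth a question to the user."""
    running, findings, in_procs = set(), [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if not m:
            if in_procs and line:
                running.add(line.lower())       # one process path per line
            continue
        in_procs = False
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname
            if host and host not in default_hosts:
                findings.append((code, "non-default browser page: " + host, body))
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            p = PATH.search(body)
            alive = p and p.group(0).lower() in running
            reason = ("marked missing but process is running: recheck path" if alive
                      else "orphaned entry: registered, file not found")
            findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {body}")
```

A flagged entry is a prompt for a question, as with the gibblets.com start page in this thread, not a verdict.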


