Nothing Seems To Work (Spyware Problem)

First of all, I have limited computer knowledge, so I would appreciate your patience and apologise if I am leaving some information out or overlooking a simple answer.


A couple of days ago I stupidly downloaded a program, unzipped it and double-clicked on the .exe file. As soon as that happened I realised this is untrustworthy and deleted it, but too late.
What I found is new items on my desktop (FREE wallpapers etc.) and my Firefox browser kept redirecting the page I'm currently looking at to an advertisement. Not only that, it decreases the size of my browser. So every couple of minutes I'm finding myself pushing the back button and maximising the browser again.

I've tried scanning with the following programs:
Norton
AVG
Ad-Aware
Ewido
Search and Destroy
I've also uninstalled Norton and downloaded Kaspersky on the advice of a friend. Now I'm using Kaspersky for my virus protection.

All of these programs have found many dangerous files on my hard drive and after cleaning them up the problem still persists. Firefox is still directing me away and popping up all these ads.

The other thing I tried is deleting suspicious files from my c: and my c:/windows.

I'm working on Windows XP Home Edition.

I hope someone's got an answer cos it seems like I've asked so many people and whatever program they suggest I've tried it...


Thanks a million

Actually, since I've posted that message, I've realised it hasn't happened for a while.

I don't think I've been redirected for the past 15-30 minutes.

Woops, actually forget about that. It just happened. I was just gonna say maybe the problem went away haha but no, it's still here. The site this time was www.ad-a-w-a-r-e.com if that helps

OK, sorry for so many posts in a row but I just thought of one more thing...

Ever since I've uninstalled Norton and downloaded Kaspersky Antivirus Personal it has given me this message three times tonight:

Attention! your computer has been attacked from the internet.

Network attack 'Helkern' from adress 291.146.145.36 has been successfully repelled.

Again, hope this helps

You may be so badly FUBAR'ed that a complete reinstall would be in order. This should be followed by better prevention and maintenance.

A format and reinstall cures most Windows problems...for a while.

Run all of your scans in safe mode with system restore turned off.
If the problem still persists download, update & run cwshredder.
If the problem still persists, download & run Hijackthis & post the logfile in here.

Of course a fresh install is hard to beat.

Thanks for the suggestions. A complete restore means I will lose all my files, right? If so, that would be my last resort.

I'll try your suggestion FED and we'll take it from there.

Thanks again,

Bill

You will lose your files and your problems with a restore. You should back up any needed data first.

Bill Latif.......First of all, why did you remove Norton .....?
Have you run a scan using M/S antispyware Beta?
Quote
If the problem still persists, download & run
Hijackthis & post the logfile in here.


d/l and save hijackthis on your desktop and then post the log it generates here ........as Fed has suggested ...... You have been hijacked ......
BTW ...what firewall are you using ?



What happens if you use IE ?


dl65

I removed Norton because my friend advised me to stop using it and use Kaspersky instead. So far I'm liking Kaspersky, it uses up less memory and seems to be less fancy, more productive if that makes sense lol.

I'm going to download HijackThis, I'll post the report shortly.

I'm using Internet Explorer now. Ads are still coming up, however they are pop-ups, I have not been redirected away from my current page. And some of the pop-ups are still Firefox, but not all.

GX1_Man, what does FUBAR'd mean lol

I'm not sure what my firewall is but it is on. In the Windows Security Center in my Control Panel it says Windows Firewall is ON.

I'll post again shortly,
in the meantime thanks for your time and patience,
Bill Latif

Logfile of HijackThis v1.99.1
Scan saved at 10:05:26 PM, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEcA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\RMan\RMan.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\wtdxregp.exe
C:\WINDOWS\system32\ysysvr6r.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\LG\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R3 - Default URLSearchHook is missing
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [RMan] C:\Program Files\RMan\RMan.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\wtdxregp.exe MS001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\ysysvr6r.exe MS001
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\ysysvr6r.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE19DDB-DCAB-4C88-B0B9-A9F5024575E6}: NameServer = 213.42.20.20
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\jtj0071me.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TEcA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
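
An added example, not part of the original thread and not HijackThis's own code: a small parser that groups the entry lines of a log like the one above by section code and pulls out the entries HijackThis itself could not attribute ("Unknown owner", "(no file)") so a helper can look at those first. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: header, one process line and six entries copied from the log above.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TEcA\command.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Entry lines start with a section code such as R1, O4 or O23 followed by " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def services(sections):
    """Split O23 entries into (name, owner, path).

    Assumes neither owner nor path contains ' - ', so the split is done from the right.
    """
    out = []
    for entry in sections.get("O23", []):
        parts = entry.rsplit(" - ", 2)
        if len(parts) == 3 and ": " in parts[0]:
            out.append((parts[0].split(": ", 1)[1], parts[1], parts[2]))
    return out

def needs_review(sections):
    """Return (code, entry) pairs carrying a marker HijackThis prints when it
    cannot attribute an entry. This is a review order, not a verdict."""
    markers = ("(no file)", "Unknown owner")
    return [(code, e) for code, entries in sections.items()
            for e in entries if any(m in e for m in markers)]

if __name__ == "__main__":
    for code, entry in needs_review(parse_log(SAMPLE)):
        print(code, "|", entry)
```
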

FUBAR = fu**ed up beyond all recognition

By your description this system is so badly infested and compromised with browser "enhancements", QuickTime, hijack links, messenger, etc. I would reformat without hesitation. The final solution, I know, but guaranteed to work.

You may get it going in some fashion with these other solutions that will be forthcoming, and I wish you luck, but if it were me....

Wow. I had no idea it would be this bad. This is a new laptop, I've had it for a couple of months. Everything was fine until I clicked on the .exe file a couple of days ago.

I'm sorry for sounding persistent but is there anything else I can try before reformatting? Anything I can fix based on the HijackThis log?

And if I do reformat, what would be your suggestion in the future? No QuickTime or Messenger and these types of programs? Because I have used em for so long and so has everyone else I know...

The symptoms aren't even that bad, I mean my previous computers have been stuffed up even worse than this in the past. I would have presumed this current problem was going to be easy to fix.
Other than the advertisements my PC is running fine.

I'd really like one last attempt before resorting to a reinstall/reformat...

-Bill Latif

I'm sure DL65 will be back soon with his solution.

