Author Topic: Hijack This HELP!!! My computer is loaded w/JUNK!  (Read 1293 times)
Methodryder
« on: October 09, 2004, 07:11:03 PM »

I have never posted here before and I feel so bad that my first post is a request for HELP, but this is beyond my knowledge so when drowning, I have found, it is sometimes best to just look to the person with the life saver!  I do not know what information is relevant so I will just post with as much detail as possible:

I usually keep my computer fit and trim but I have a new room mate who has been using my computer for the last 6 months and he is not computer literate in the slightest (not that I am a genius in any measure).  In any case, since the very beginning when he started using it I discovered I would have to combat an abnormal amount of spyware and adware and viruses (he lacks the years of experience it takes to scale down your volume of attacks by just avoiding situations that make you vulnerable, I guess).  Well I was running Windows XP until recently with no need to update to any service packs but I recently bought an external USB 2.0 hard drive for mobile storage and had to upgrade to SP1 (I had recalled many people having SP1 problems in the beginning so I had never really felt the need to upgrade).  So as you know, SP1 has the USB 2.0 EHCI integrated into the update so I finally broke down and did the update straight from the Windows website (I had not noticed any weird things until this time).  Now I don't know if most viruses and malware are geared towards SP1 or upgrades but the second I did the upgrade I noticed my computer running slow and on bootup, both of my installed web browsers fire up and go to variances of a website apparently named freeg*yspace with a "www" and a ".com" at the end (I do not write it as a usable link because I believe the site, when entered into your browser, may be the source of some virus or some parts or something to that effect...in any case, I do not recommend going to the site to verify...it is just basically some sick pop ups that I would prefer to not have to see 10 times a day, as it loads 5 times into my Mozilla browser VER 1.7.1 and my IE browser SP1 updated (do not know version because I do not actually use it)).

In any case, I upgraded to Norton Antivirus 2005 which identified a gazillion spyware/adware and other things but could not delete them all. I used the online site Trend Micro HouseCall to do a virus scan with basically the same results.  I tried Adaware SE (latest version fully updated) and I tried Spybot SD (latest version fully updated)...with similar effects (every time it will locate a whole mess of stuff and delete or remove some of it and leave a bunch of it there...in fact when I see it scanning I see a mess of stuff it scans and skips that I know cannot be anything legit)...I've tried running all of these a hundred times, in safe mode and in variances of safe mode but the effects are always the same.  If I go to start>run>msconfig>selective startup>startup there is a HUGE list of stuff I KNOW to be spyware and JUNK that no matter how much I try to delete or remove it it will come back...in fact one time I booted up and a HOST of NEW programs loaded at startup (myhorroscope???, lookitup and a bunch of other junk).

There are some sites that my browsers wouldn't go to, by the way, when I was trying to download Hijack This, and thanks to your site I was finally able to download a copy (I don't know if that is virus related or if it is just downed links but I thought it might be useful information).  So here goes:

System:
Genuine Intel D865GBF main board with 1 gig Kingston DDR
using onboard graphics and onboard SoundMAX audio
Intel P4 2.4 800MHZ
HD1 Western Digital 60gig
HD2 Western Digital 120gig
HD3 External USB 2.0 Maxtor 190gig
1394 PCI card
LG 52x CDRW DVD combo Drive

Windows XP SP1
Mozilla version 1.7.1

Hijack This log as follows:
Logfile of HijackThis v1.98.2
Scan saved at 1:25:34 PM, on 10/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\systemproc.exe
C:\WINDOWS\System32\windowsupdate.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\svhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\mediaplayer32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4AAA410B-E347-7CC3-8451-6D557E842B4B} - C:\WINDOWS\System32\pmbh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Advanced Tools Check] C:\RECYCLER\S-1-5-21-73586283-1580436667-725345543-1003\Dc41\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] svhost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] svhost.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunServices: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunOnce: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKCU\..\Run: [Xfi] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKCU\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKCU\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] svhost.exe
O4 - HKCU\..\RunOnce: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] windowsupdate.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c668392eb5a7ccbea12bbf3d52c5eb1ae8b3619b545075d9f46bac9a82aed0e3d248c03a5dd703c701422aa83095eab6cc356abe3d3b44fddf4cf013ad47dc:2897908bf511be2b6847fc1a7f1aedfb
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC90FF8-A0C1-4DFF-B16F-60361C81EF82}: NameServer = 209.47.15.118,64.157.143.38,208.38.65.35,208.38.65.37
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

I hope this was detailed enough...even in my program folder I am constantly finding new adware stuff that I can delete or remove with the add/remove programs function but they come back or something else shows up...it seems every time I delete one, two more pop up out of nowhere.  PLEASE HELP!!!

jvic
« Reply #1 on: October 09, 2004, 09:12:10 PM »

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now, then click Connect and download the latest reference files.

Then, in the main window: click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.


SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)).
Click online, Search for updates.
Download all available updates.
Close all browser windows.
Click ''Check for Problems''.
Anything that needs to be fixed will show in red and have a green check in the box to the left.
Click ''Fix Selected Problems''.
Then restart your computer.

Run HijackThis and post a new log.

« Last Edit: October 09, 2004, 09:14:09 PM by jvic »

John Vickers
gudmk
« Reply #2 on: October 11, 2004, 01:42:07 PM »

Spybot and Adaware didn't work for me.
So I created a web page for what I did to fix it:
http://geocities.com/karlsson/mediaplayer_worm.html

G. Karlsson
jvic
« Reply #3 on: October 11, 2004, 01:46:28 PM »

Adaware and Spybot are both great programs; however, running these is just the beginning of the cleanup.

John Vickers
gudmk
« Reply #4 on: October 11, 2004, 02:48:17 PM »

I agree you should definitely run spybot and adaware as a first step.
They will find and fix lots of problems, but in my case they didn't find
the problem with this mediaplayer32.exe.

G. Karlsson
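
Added example, not part of the thread and not HijackThis code: the replies note that the scanners did not catch mediaplayer32.exe, which is why the O4 (autorun) lines of a log like the one in the first post get read by hand. This Python triage pass applies four review heuristics to O4 lines taken from that log; the flag names, the `KNOWN` list and the function names are assumptions made for illustration, and a flag means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Sample input: O4 lines taken from the log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Advanced Tools Check] C:\RECYCLER\S-1-5-21-73586283-1580436667-725345543-1003\Dc41\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Update Machine] svhost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
O4 - HKCU\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKCU\..\Run: [Xfi] C:\WINDOWS\System32\t?skmgr.exe
"""
# Assumed short list of Windows binary names to compare against (illustrative).
KNOWN = {"svchost.exe", "taskmgr.exe", "explorer.exe", "winlogon.exe", "lsass.exe"}
O4 = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")

def one_edit_apart(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def triage(log):
    """Map each autorun executable to the sorted list of heuristics it trips."""
    keys, flags = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip()
        # Executable = quoted path, else everything before the first " /" switch.
        exe = (cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" /")[0]).lower()
        keys[exe].add(m["key"])
        if "\\" not in exe:                      # bare name, no directory given
            flags[exe].add("no-path")
        if "\\recycler\\" in exe:                # launched from the recycle bin tree
            flags[exe].add("recycler")
        if any(one_edit_apart(exe.rsplit("\\", 1)[-1], k) for k in KNOWN):
            flags[exe].add("lookalike")          # one character off a system name
    for exe, ks in keys.items():
        if len(ks) > 1:                          # same target in several autorun keys
            flags[exe].add("multi-key")
    return {exe: sorted(reasons) for exe, reasons in flags.items()}
```

Calling `triage()` on the full O4 section of a saved log gives a short list of entries to research before anything is fixed or deleted.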