program connecting w/o consent....


3 replies to this topic

#1 dlumia

  • New Member
  • 3 posts

Posted 11 July 2004 - 08:40 AM

I have noticed recently that a program is trying to dial out on my computer to a foreign website. Depending on the day, sometimes there tends to be a lot of undeliverable mail messages returned to my email address on Outlook, so I'm assuming the issue is connected. I have posted the HJT log below. I have set up a separate administrator account on this computer, which I only use when need be - this issue I have noticed when I am on my customized user level (allowing Power User, Backup Operator, etc. rights and privileges)... Thanks for any help you're able to give.


Logfile of HijackThis v1.97.7
Scan saved at 9:39:52 AM, on 7/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7948.8232986111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9724349-347B-4808-B12A-6CB39B30B0EF}: NameServer = 204.127.129.1 204.127.160.1

#2 Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 12 July 2004 - 03:35 PM

Your log does not look that bad. There are indications that you could have a dialer (netster) which would coincide with your observations of the computer attempting to dial out to a foreign website.

Your Windows and Internet Explorer do not have the most recent updates. After following these instructions, run Windows Update to install the most recent Windows and Internet Explorer security fixes.

Run HijackThis and check all of the following – BUT DO NOT FIX YET:
R3 - Default URLSearchHook is missing
O16 - DPF: Win32 Classes –
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http: //software-dl.real.com/02384fade0a7f5...ip/RdxIE601.cab


The following is an optional fix:
Many people consider Kontiki to be borderline malware. If you choose to ‘fix’ the following entry, you should also uninstall Kontiki via the ‘Add/Remove programs’ option under Windows control panel.
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL

After you have checked everything that needs to be fixed (items in red) and any optional fixes (items in blue), close all open windows including Internet Explorer and Windows Explorer and click the “Fix Checked” button.

Reboot

Regular scans with Ad-Aware and Spybot will help eliminate malicious programs that have infected your system. Please note however, that these tools will not prevent malware from being installed on your computer. For information on preventing or reducing your risk of future malware infections, click here. Run Windows Update to install the most recent Windows and Internet Explorer security fixes.
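
As an added illustration (not part of Trilobite's post and not HijackThis's own code), the Python below parses entry lines in the log format posted in this thread and surfaces R3 and O16 entries that are structurally incomplete, such as the `O16 - DPF: Win32 Classes -` line. The function names and the two triage heuristics are assumptions; the sample lines are copied from the log in post #1.

```python
import re
from collections import Counter

# Constructed sample: entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return (section_code, detail) for every 'Xn - ...' entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def section_counts(entries):
    """Number of entries per section code (R0, O2, O16, ...)."""
    return Counter(code for code, _ in entries)

def triage(entries):
    """Flag structurally incomplete entries (assumed heuristics, not HijackThis logic)."""
    flagged = []
    for code, detail in entries:
        reasons = []
        if code == "R3" and "missing" in detail.lower():
            reasons.append("URLSearchHook value missing")
        elif code == "O16":
            body = detail.split("DPF:", 1)[-1].strip()
            parts = body.rsplit(" -", 1)  # text after the last " -" is the source URL
            source = parts[1].strip() if len(parts) == 2 else ""
            if not CLSID_RE.search(body):
                reasons.append("no CLSID")
            if not source:
                reasons.append("no download source")
        if reasons:
            flagged.append((code, detail, "; ".join(reasons)))
    return flagged

if __name__ == "__main__":
    for code, detail, why in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {detail}  <- {why}")
```

A flag here only marks an entry for manual review; entries that are well-formed, like the RdxIE line named in the post above, still need a reviewer's judgment.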

#3 dlumia

  • New Member
  • 3 posts

Posted 12 July 2004 - 06:17 PM

Thanks for the help. I have not noticed any of the problems arising anymore, but I will give it a few days and ensure that everything is running alright. Also, I am installing the IE and XP updates as suggested. Thank you for your help.

#4 Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 20 July 2004 - 09:43 AM

You’re welcome. I’m glad we could help.