Wonder if you can help me find anything strange


  • This topic is locked
9 replies to this topic

#1 Scarecrow

Scarecrow

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 14 June 2004 - 01:25 PM

Hi! Thx for taking time to read and help me! My problem is kind of "sort of"...I had Yahoo Messenger some time ago but decided to delete it, and also the same with Kazaa. I'm not quite sure that I had all the crap removed properly.

I've done a scan with Ad-Aware and there is nothing to be found there. But if you would help me take a look, it would make me feel better. And also if you find anything else that's fishy, of course.

I seem to have a problem with bandwidth at times. I'm not sure if it's my PC that's sucky or if it's my internet provider.

What do you suggest I do?

Thanks again for taking time!

Scarecrow

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 14 June 2004 - 01:40 PM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 Scarecrow

Scarecrow

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 14 June 2004 - 02:11 PM

Ok...here it comes!
And thx for the fast reply!


Logfile of HijackThis v1.97.7
Scan saved at 20:16:50, on 2004-06-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Norton Internet Security\ccPxySvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Internet Explorer\iexplore.exe
D:\Program\ICQ\Icq.exe
E:\Viruspryttlar\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlyforfun.se/start.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\Program\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8032.6437268518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9581A3A0-EE26-448D-9D41-90F016CD4275}: NameServer = 212.181.52.2,212.181.52.3

#4 hue_j

hue_j

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 14 June 2004 - 02:21 PM

Hope this might help, but with WinXP

"C:\Program\MSN Messenger\msnmsgr.exe"
f*cked up my computer every time I was doing anything. So I'm done with MSN cuz it sucks, but that's just what I've been getting outta it

You can do:
Start, Run, type: msconfig, click on the STARTUP tab and then uncheck the msnmsgr.exe entry if that is affecting your computer


Also with my WinXP these few files were messing with my system, so I just deleted them from starting up and so far everything I do is going fine:

C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

You can always disable these at startup and restart and see if that helps. If not, just go back to msconfig, Startup, and CHECK off the boxes.

~From my experience, the fewer programs that are on startup, the faster your PC loads, which should be true



QUOTE: "I seem to have a problem with bandwidth at times. I'm not sure if it's my PC that's sucky or if it's my internet provider."


^^ Bandwidth is your ISP (internet provider), so if you need more bandwidth or you are running slowly using the internet, that's ISP problems. Now if your CPU is running up most of its "juice", which you can find out how much with "CTL ALT DEL" and then click on the PERFORMANCE button, there's info there to help.

^^ So yes, it can also be affected by CPU speed / memory


Sorry this is long...I just type too much sometimes

~S

#5 Scarecrow

Scarecrow

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 14 June 2004 - 03:58 PM

OK, I'll try to do as you say...but I don't think it's the CPU that's the issue. I got a 2700+ with 1 G dual DDR and in the "performance" section it seems OK.

I guess I should talk to my internet provider then? Since it's really a bandwidth problem I got. I thought it might be something that was disturbing in the background perhaps that I couldn't spot.

#6 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 14 June 2004 - 05:56 PM

The latest version of CWshredder should remove this pest.
Please download it from here.

Please follow up with a HijackThis log when done.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#7 Scarecrow

Scarecrow

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 15 June 2004 - 09:40 AM

OK, I ran the CWShredder and after that a fresh HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 16:44:42, on 2004-06-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Norton Internet Security\ccPxySvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
E:\Viruspryttlar\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlyforfun.se/start.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\Program\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8032.6437268518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9581A3A0-EE26-448D-9D41-90F016CD4275}: NameServer = 212.181.52.2,212.181.52.3

#8 discogail

discogail

    "All you need is a gorilla and a dream"

  • Emeritus
  • Pip
  • 86 posts

Posted 15 June 2004 - 10:04 AM

Looking clean........Scarecrow..some advice on staying that way..............
Stop IE hijacking before it happens
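
The comparison between the two HijackThis logs posted above can be done mechanically. The following is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the two sample strings are excerpts constructed from the entries in posts #3 and #7:

```python
import re
from urllib.parse import urlparse

# Constructed excerpts: a few entries copied from the two logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlyforfun.se/start.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlyforfun.se/start.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# An entry line is "<section code> - <detail>", e.g. "R1 - ..." or "O16 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lists between an earlier and a later scan."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)

def redirect_hosts(entries):
    """Hostnames that R0/R1 (IE start and search page) entries point to."""
    hosts = set()
    for section, detail in entries:
        if section in ("R0", "R1") and " = " in detail:
            host = urlparse(detail.rsplit(" = ", 1)[1]).hostname
            if host:  # values such as a folder name are not URLs
                hosts.add(host)
    return hosts

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, detail)
    print("added:", added)
    print("hosts no longer referenced:", redirect_hosts(removed))
```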

#9 Scarecrow

Scarecrow

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 15 June 2004 - 10:18 AM

Thanks a lot for helping!

Have a great one!!

Scarecrow

#10 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 15 June 2004 - 03:15 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum



