Please check my Log.


  • This topic is locked
3 replies to this topic

#1 Zephon


Posted 21 April 2007 - 04:34 AM

Hey, well, here is the rundown.. I have not had any spyware or viruses worse than a "cookie" for a couple of years (I thank CWS for this.. When I "ran" into it years ago it was such a pain in the ass to get removed that I have paid very close attention to what goes on my computer since then), but anyways..

Just today I tried to log in to my MySpace account (yes, I know, I hate it; someone talked me into getting one..) and it said my shit was phished, and they said that's because I logged into a "fake" MySpace page and, well, it got my shit from there. Now I could care less if my MySpace is gone, hacked or whatever.. But here is the thing.

I use Firefox and run the add-on "CookieCuller", which makes it so that when I close Firefox all the cookies that I don't have protected are deleted. Now MySpace is one I have protected, so I don't have to log in to it EVER. As you see, my problem is that I have never had to enter my login info into a fake MySpace page or the real one since I made my account.. So it made me start to worry that maybe I have a keylogger, spyware or something that allowed it to gain access or whatever.

So that is what brings me here.. I am curious if you guys can look through my HijackThis log and see if you see anything wrong, just to be on the safe side.

I have run Spybot, Ad-Aware, Spy Sweeper, Kaspersky AV.. And well, as usual, my computer didn't have anything on it. (Well, minus some spyware cookies.) Also, I have NOT had any signs of spyware such as pop-ups, lagging internet, or the like.

Now when I ran Spybot I checked its "System Start-Up" under Tools and found 1 thing I do not like..

"System.ini -------- Senslogn ----------- WINotify.dll"

I have checked Google and various things and it says it's part of "A Better Internet" spyware, but another site said it has to do with Windows Updates. So I am curious if anyone knows anything about that.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:31:48 AM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NGO ATI Optimized Driver v1.6.6\ATT\atitray.exe
C:\Program Files\Wallpaper Changer\Wallpaper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LtcyCfgApply] "C:\Program Files\NGO ATI Optimized Driver v1.6.6\PCI Latency Tool\LtcyCfg.exe" /a
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\NGO ATI Optimized Driver v1.6.6\ATT\atitray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WallPaper] C:\Program Files\Wallpaper Changer\Wallpaper.exe /h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121733410920
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F0AC6A6-F476-4750-A31A-56AA8D8C97B3}: NameServer = **.**.*.*,**.**.*.*
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 3630 bytes


Also, just so you know, I did edit this line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F0AC6A6-F476-4750-A31A-56AA8D8C97B3}: NameServer = **.**.*.*,**.**.*.*

Only in this post, because it contained an IP. Not sure if it's important or not, but personally I don't like having it publicly displayed.

Edited by Zephon, 21 April 2007 - 04:44 AM.


#2 SWI Support Robot


Posted 23 April 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq


Posted 18 May 2007 - 08:19 AM

Hi,

Sorry for this long delay.

If you still need help please post a fresh HijackThis log. I will see what I can do.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 nasdaq


Posted 29 May 2007 - 08:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




