Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT - agentmuldaruk


  • Please log in to reply
12 replies to this topic

#1 agentmulderuk

agentmulderuk

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 19 February 2005 - 02:07 PM

EDIT: additional details in this thread:
first details post(s)

I checked processes. Nothing was taking anything except system idle.

There are about 4 copies of svchost.exe , each using 0% ? ? ?


I also thought of adware/etc. I have avast running and my system is pretty empty.

Anyway,As for HijackTHis Log.......


Logfile of HijackThis v1.99.1
Scan saved at 19:03:05, on 19/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mulder\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ENat Voice for MSN Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EEA5517-0068-4832-90AF-7811FD3D6B09}: NameServer = 62.30.112.39,194.117.134.19
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by phawgg, 19 February 2005 - 02:22 PM.


BC AdBot (Login to Remove)

 


m

#2 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 20 February 2005 - 03:00 AM

I will analyze your log (after a good night's sleep). :thumbsup:
Expect a reply in about 24 hours.
More thorough that way.
patiently patrolling, plenty of persisant pests n' problems ...

#3 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 20 February 2005 - 11:08 PM

http://www.bleepingcomputer.com/forums/ind...ic=11719&st=0&#

agentmuldaruk, some findings:

I dont get it....as from 2 days ago, suddenly it takes IE6 (and Firefox cos I tested that too) about 50-60 seconds to get to the internet. The progress bar crawls along.

I use XP. Once the explorer window is open everything is as normal. But try to open that inital window or an additional window...and back to the crawl...My PC just takes ages to open any new Explorer window. I can operate within the current window, switch between sites,etc at noramal speed. But close it, and its back to the long start up next time.

Still does it. Even more strangely, this morning was fine, no problems, but it didn't last. Almost as if something gets 'jammed up' and stays that way for a while.

I clear the various temp files quite regularly, especially recently, as I also thought that may be the case of the problem...but its still there.....arrrrghhhh

Is there anyway I can actually find out what EXACTLY is happening whilst the blur bar crawls across the bottom of the screen. Maybe that will help determine the cause?

The answer to the first four observations seems to be one program.
The answer to the last question, about exactly what processes are acting when the progress bar progresses towards resolving a webpage in Internet Explorer ... often wondered that myself.
Grinler has helped us both in that regard,
"Whenever you visit a website, the browser reads the entire html document
and then starts download the images.
As the images and other elements are downloaded from the various
sites where they are stored,
the progress bar will show increased completion of this.
Its just the progress of the browser downloading all the elements of the webpage".

I also thought of adware/etc. I have avast running and my system is pretty empty.

If this deletion cleans it up, and we'll know with a follow up HJT log, I'll have several recommendations
that will comprise the next post.

As for fixing the problem:

Set your PC to: show hidden files.
Additional information here.

Reboot into Safe Mode
by tapping F8 continuously until the DOS screen appears.
press "Yes"at the dialog box.
Use the up arrow to choose safe mode.
Hit enter.
"OK" the choice.


Open your C:\HJT folder and double-click the icon.
Close everything except HijackThis, nothing else on your desktop.

Run Hijackthis:
click Scan, and put a checkmark next to each of the following object:

O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe

Click the Fix button.

Search for, and
Delete manually:

C:\Program Files\Parallel Tasking\ptask.exe

Delete Temp Files
To clean out your temp files use:
Start-->Run-->type in: %temp% and press the ok button.
This should open up the temp directory that your machine uses.
Please delete all files and folders found in the temp folder.
If you get an error when deleting a file, skip that file and delete all the others.
Doing this in Safe Mode you should be able to delete all the files.


Reboot your computer to go back to normal mode.

Delete Temporary Internet Files
use: once again the
Start Button-->Internet Explorer-->Tools-->Internet Options-->
General tab-->Delete Files button. Put a checkmark in Delete offline content.
Press the OK button.
This may take quite a while,
but when it is done your Temporary Internet Files will be deleted.


Empty the recycle bin.

Run HijackThis again and post the new log as a reply to this post.
(Include comments regarding any problems you might have had,
and let us know if its working better. Some additional options may exist)

Edited by phawgg, 21 February 2005 - 12:40 AM.

patiently patrolling, plenty of persisant pests n' problems ...

#4 agentmulderuk

agentmulderuk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 21 February 2005 - 05:51 PM

Followed your excellent instructions...seems to have gone!

IE now gets pages instantly.
Looks like you have cracked it sir!


I cannot thank you enough for your help. You have made my day.



Here is my Log, just in case.


C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\JDSoft\ENat Voice for MSN Messenger\ENatVoice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mulder\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ENat Voice for MSN Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EEA5517-0068-4832-90AF-7811FD3D6B09}: NameServer = 62.30.112.39,194.117.134.19
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 21 February 2005 - 05:58 PM

It does look better.
In fact please check back
later for some tidying up and
further recommendations.
We are just about done. :thumbsup:
patiently patrolling, plenty of persisant pests n' problems ...

#6 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 21 February 2005 - 10:13 PM

agentmuldaruk, it's lookin' good!

Open your C:\HJT folder and double-click the icon.
Close everything except HijackThis, nothing else on your desktop.

Run Hijackthis:
click Scan, and put a checkmark next to the following object(s):

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) <--orphan entry
information - what this was when the file was present

Click the Fix button

That finished, you have a clean log.

You should disable & re-enable your System Restore to set a new restore point.
This insures that there are no infected files found in a restore point left over from what we have just cleaned.
Additional information & instructions are here.


Some other steps to be taken are:

1. Use secure Internet Explorer settings
  • Open IE and check tools-->internet options-->security-->click internet icon-->(default is medium).
  • Click custom and check that these settings are:
  • Download unsigned ActiveX controls - prompt
  • Initialize and script ActiveX controls not marked as safe - disable
  • Installation of desktop items - prompt
  • Launching programs and files in IFRAME - prompt
  • Navigate sub-frames across different domains - prompt
2. Use AntiVirus Software & Update Frequently. It's best to use only one.
  • An excellent free program is AVG, if you need an option.
  • This program can be set to automatically scan & either auto-update or
  • you may choose to do that yourself.
  • Virus definition updates with this program occur frequently, which is very good.
3. Use a Firewall, but use only one. If you install your own, disable the built-in winXP firewall.
  • Excellent free programs available include:
  • Sygate
  • Kerio
  • (others are also available)
  • Choose one (if you do not already use a firewall). Keep your Firewall up & monitor it's configurations
  • (fully understanding it's operation may require some thought & a little practice,
  • but it helps greatly to have it installed and functioning)
4. Use Microsoft Windows Updates Frequently
  • SP2 is the most recent Service Pack available.
  • More updates have already been to it, so remain current in regards to security issues in particular.
5. Use Spybot S&D & Update
  • Install and use this program with its TeaTimer option. (Advanced Mode-->Tools-->Resident)
  • It provides realtime spyware & hijacker protection alongside your virus protection.
  • Scan with this program on a regular basis, just as you would an antivirus software.
  • Check for updates when you do. Use the help menu, and a tutorial is available.
6. Use SpywareBlaster & Update
  • Install and use this program
  • Adding a large list of sites/programs into your Browser settings, it protects you from
  • running or downloading known malicious programs.
  • You may customize it if required to accomodate your individual needs,
  • and updates are also frequently issued with new definitions added
  • Make it a habit to run and update on a regular basis.
7. Use Ad-Aware & Update
  • Install, configure and use this program with the others.
  • It is very well thought of in it's effectiveness, it complements the actions of the others.
  • It provides for additional plug-in specialty tools as well as an upgrade if you choose them.
  • Updates are frequent, so I suggest that you do both that and run the program regularly.
8. Use an alternative Browser Frequently. You may use several if you like.
  • Consider using Firefox as an alternative to IE
    for fundamental security reasons.
  • You can have both easily. Doing so will provide you with several benefits and options.
  • Other alternative browsers are also available at no charge
  • They do not have inherent vulnerabilities to the extent that IE does.
  • They are not subject to the same attention by malware creators as IE, which is much more commonly used.
  • All of these recommendations will provide a valuable service to you,
  • and no conflicts exist when operating them together on your PC & winXP OS.
  • Please enact them for your own sake at that of the Internet itself.
9. Use BleepingComputer Tutorials & Resources Frequently. "and check for updates...:thumbsup:"
  • While cleaning your PC important tutorials were offered to explain what was being done.
  • Urgency to accomplish the task may have compromised your full understanding of what all was involved.
  • There is always room for improvement when using a personal computer.
  • Resources are available here and improving all the time.
  • Some that deal with these recommendations & other topics include:
Tutorials available for more in-depth considerations.
Switching from Internet Explorer to Firefox
Four Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware
Simple and easy ways to keep your computer safe and secure on the Internet
Using Spybot - Search & Destroy to remove Spyware from Your Computer
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Guide to Windows XP Recovery Features
Steps to take when connecting a new computer to the Internet
Microsoft Anti-spyware Beta 1 "let's see screenshots"

For your information.
Additional modifications can be made to your PC.
Optional running processes & the registry entries that make them run are not malware,
but can effect your boot initialization & other characteristics of how your PC operates.
You can enter the running process filenames into any of these online databases to learn more about them.
Bleepincomputer Startup Database.
ATW Task List.
Windows Startup Online.
ProcessLibrary
There are also other sites.
Since only you know how you use your programs, it's fair to say you might benefit
by knowing more about each of the ones that appear in your log.

For example:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
startup database info

Questions about them will best be answered after you've had a chance to
check some of them out first, as your PC is now technically clean.


Edited by phawgg, 21 February 2005 - 10:14 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#7 agentmulderuk

agentmulderuk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 23 February 2005 - 08:15 AM

Many thanks for an excellent and informative answer.

I ran Hijackthis again and posted it here for completeness.


C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\Mulder\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ENat Voice for MSN Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EEA5517-0068-4832-90AF-7811FD3D6B09}: NameServer = 62.30.112.39,194.117.134.19
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 agentmulderuk

agentmulderuk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 23 February 2005 - 01:04 PM

It's back....or something is back.

Connection to intenet to uploading & displaying a page has now gone back to a LONG delay...not as bad as before...but the delay is definite.

LOG FOLLOWS



Logfile of HijackThis v1.99.1
Scan saved at 18:03:48, on 23/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mulder\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ENat Voice for MSN Messenger.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EEA5517-0068-4832-90AF-7811FD3D6B09}: NameServer = 62.30.112.39,194.117.134.19
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#9 agentmulderuk

agentmulderuk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 24 February 2005 - 05:44 AM

Found it, splatted it!

It's a mystery where this damn things keep coming from.....I only visit a few sites.....

#10 SaxonManFinland

SaxonManFinland

  • Members
  • 159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British was living on Russian Boarder in Finland
  • Local time:03:17 AM

Posted 24 February 2005 - 07:44 AM

Out of Interest WHAT did you find?? and HOW did you splat it??

Its like reading a book and finding the last two pages missing!!!!

:thumbsup:

#11 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 24 February 2005 - 12:20 PM

I think the firewall installation would appropriate.
I don't see one running, agentmuldaruk.
Sygate would work well stopping intruders. :thumbsup:
patiently patrolling, plenty of persisant pests n' problems ...

#12 agentmulderuk

agentmulderuk
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:17 PM

Posted 24 February 2005 - 09:05 PM

Thanks phawgg. I was hoping XP firewall was going to be adequate. Should've known better really.

Installed the Sygate one. Fascinating to watch it in action.

#13 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:06:17 PM

Posted 24 February 2005 - 09:15 PM

Basically both firewalls will provide you with "stealth" cover when you are online.

The difference being that Sygate monitors and allows you to block traffic going
outbound from your PC to the internet, and the winXP built in does NOT.

The difference is apparent if and when you have any number of trojans and/or virii
that send private information out of your PC as what they were written to do.

That can be done quickly and without your knowledge without a personal firewall,
often before you know what hit ya'.

It is fascinating, and the logs that are kept for you will allow you much more control & awarenes of what REALLY goes on when you are online.

I am pleased you have the program.
Both for your own knowledge & safety
and also for the fact that it helps
deter problems online,
which helps us all.
patiently patrolling, plenty of persisant pests n' problems ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users