PDA

View Full Version : Funky Internet + Just Scanend 21 Problems



funkmeister99
2007-07-31, 11:31
Well, first of all...somehow I am typing this...while on my taskbar it does not show FireFox open.

I was watching a few YouTube videoes when everything was going fine, then...it all went bad. I don't know what happened, but my computer just started going slow.

Now I'm typing this without even seeing FireFox, and after deleting 21 problems, it was like 6 actually, but some had like 5, or 4 or 2-1's.

Anyways...I removed them, but I assume they will come back...as all my Spyware have done until I received some help from this site.

It is also difficult to start programs as they start up very slowly...

On an extra note, my friend sent me a file through X-fire which was pretty big (10 mb) so I right clicked and tried to reduce it and all. This happened yesterday.

I play UltimateBaseballOnline and I know for a real fact that site has a lot of advertising little hidden advertisement sites, they go by quick at the bottom of my internet thing, but I see them.

My computer hasn't crashed, and I will do my PC-Cillin 2007 Firewall scan before I go to bed in a few minutes, and if the spyware does come back tomorrow I'll try and type up what they are as a reply.

Oh, and for another probably important note...I use MySpace and my friend changed his profile where they used a comment box, so we click it, and then we type something, and hit submit. I clicked that today.

My HJT Log, I'm not sure if this is infected, or if anything else on my computer is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 1:34:00, on 2007-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183440985606
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 5827 bytes

Thanks to all helpers,

funkmeister99
2007-07-31, 20:30
Sorry for double-posting, but I'm typing up the Spyware information that Spybot S&D found.

(From Bototm to Top)

Tradedoubler
-Tracking cookie (Firefox: default)
Firefox(default): .tradedoubler.com/ (TD_PIC)

Statcounter
-Tracking cookie (Firefox: default)
Firefox (default): .statcounter.com/ (session296146)

Hitbox
-Tracking cookie (Firefox: default)
Firefox (default): .hitbox.com/ (WSS_GW)

-Tracking cookie (Firefox: default)
Firefox (default): .hitbox.com/ (CTG)

-Tracking cookie (Firefox: default)
Firefox (default): .ehg-newegg.hitbox.com/ (WSS MIGRATION)

-Tracking cookie (Firefox: default)
Firefox (default): .ehg-dig.hitbox.com/ (DM51033068DWV6)

-Tracking cookie (Firefox: default)
Firefox (default): .ehg-dig.hitbox.com/ (DM5103083LCAV6)

DoubleClick

-Tracking cookie (Firefox: default)
Firefox (default): .doubleclick.net/ (id)

CasaleMedia

-Tracking cookie (Firefox: default)
Firefox (default): .casalemedia.com/ (CMID)

-Tracking cookie (Firefox: default)
Firefox (default): .casalemedia.com/ (CMJ)

-Tracking cookie (Firefox: default)
Firefox (default): .casalemedia.com/ (CMPH)

-Tracking cookie (Firefox: default)
Firefox (default): .casalemedia.com/ (CMFP)

Advertising.com

-Tracking cookie (Firefox: default)
Firefox (default): .advertising.com/ (ROLL)

-Tracking cookie (Firefox: default)
Firefox (default): .advertising.com/ (F1)

-Tracking cookie (Firefox: default)
Firefox (default): .advertising.com/ (BASE)

-Tracking cookie (Firefox: default)
Firefox (default): .advertising.com/ (ACID)

AdRevolver

-Tracking cookie (Firefox: default)
Firefox (default): media.adrevolver.com/adrevolver/ (adrevid)

-Tracking cookie (Firefox: default)
Firefox (default): media.adrevolver.com/adrevolver/ (freq or treq) font is kind of small

-Tracking cookie (Firefox: default)
Firefox (default): media.adrevolver.com/adrevolver/ (uid)

-Tracking cookie (Firefox: default)
Firefox (default): .adrevolver.com/ (prefs)

-Tracking cookie (Firefox: default)
Firefox (default): .adrevolver.com/ (adrev_dgp)

-Tracking cookie (Firefox: default)
Firefox (default): .adrevolver.com/ (adrev_adpath)

On an extra note, these were all in red. Spybot S&D said that this time it was 22 problems. On another note, FireFox was updated just today. I'm wondering if that improved security as much as I.E. does, or should I use I.E. instead of FireFox?

pskelley
2007-08-02, 15:41
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count. The same applies to 'bumping'. Please review the instructions, the quoted information will tell you why you have not received help before.
Please read the directions, only post what is requested.
You have posted tracking cookies Spybot is locating and we do not reqest those. If you need help using Spybot, here are tutorials:
http://spyware-free.us/tutorials/spybot/
http://www.bleepingcomputer.com/forums/tutorial43.html
http://www.safer-networking.org/en/tutorial/index.html

Let me take a moment to point out that I covered all of this information with you here:
http://forums.spybot.info/showthread.php?t=16188
Are you bothering to read the information I post?

If you have questions about Spybot S&D you may ask them here:
http://forums.spybot.info/forumdisplay.php?f=4

This is the malware removal forum and your HJT log is clean. Malware could be hidden but so far you have given me no reason to think so. Supply symptoms that are occuring and any error messages you receive "word for word".

I can tell you that places you are going like yes, MySpace are dangerous. Opening files from "friends" can be dangerous. If a friend's computer gets infected the malware can send infected files to you without your "friend" even knowing.

Have a look at some of this information:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Once you finish review the information I have posted, if you have some reason to believe you have malware on your computer, communicate that information to me.

Thanks

funkmeister99
2007-08-04, 03:50
Yeah, I am reading everything you post.

Sorry for bothering you with the Tracking Cookies. They were read, and so I believed those to be dangerous.

I am reading everything that you post, but my last post was some other Spyware I received.

Anyways, thanks for the help, good to know my computer is clean from Malware.

pskelley
2007-08-04, 13:57
No problem, but please spend some time in the Spybot S&D tutorials to help you understand how to use that great tool.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.