[Done]Spyware Help, log added

Discussion in 'adware, spyware & hijack cleaning' started by Jeffrey Hager, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    I am having trouble with internet explore. WHenever I log on a homepage called Casino pops up. I reset my home page to MSN and when i log off and then back on the same thing happens. I run Spybot search and destroy and it finds nothing. WHat can I do
  2. passinthru
    Offline

    passinthru Guest

    Re: Spyware Help

    what version of spybot did you use? did you also get the latest updates before running (a new set came out yesterday)? you might also want to try ad-aware, latest version and latest defs. it's odd that the first one "found nothing". they almost always find some piece of these things even if they can't clean it all.
  3. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help

    Thnx, I have 1.3 Spybot, I have gone online for updates and have updated. I also ran a free online spyware program ad-aware they both did initially find a few thing but it didn't correct the problem. Right now I have windows message box on the desktop says "Windows detects that this computer is infected with a spyware called "Subsearch, Money Tree Aornum Win32/Aspam.Trojan THen asks would you like to find out how spyware removal software can protect your privacy and boost performance, however I received that message earlier and when I responded yes it took me to a site that requested payment. ANy ideas of what I should do. One other thing, sometimes while I am online suddenly nasty porn sites will pop up ?
  4. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help

    attached is a copy of hijacklog any ideas
    Logfile of HijackThis v1.97.7
    Scan saved at 1:14:04 PM, on 7/10/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINNT\system32\taskmgn.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\jeff\Local Settings\Temporary Internet Files\Content.IE5\ADBG4RIT\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.url/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mfplay.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\system32\winnet.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0000.2693\en-xu\stmain.dll
    O2 - BHO: (no name) - {A32A8EE8-CE70-40E1-8C8C-6DC1CE635D3E} - C:\WINNT\system32\mfplay.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0000.2693\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [Updater] "C:\Program Files\MSN Apps\Updater\01.02.0000.2693\en-us\msnappau.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popfu/popfu-ob-assets.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38137.5052314815
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
  5. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    still trying to clear this up
  6. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    Still waiting for sum help, how long is the normal wait, new at this iste should I hold tight or post again, or give up?
  7. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    In response to threads below; I think I may have solved most of my problems with the about:blank and Casino issues. I haven't had trouble for the past 2 days, fingers crossed, I followed a number of the suggestions given in other threads and it seemingly helped. Below is my current hijackThis log. Thanks for any help given.
    Logfile of HijackThis v1.97.7
    Scan saved at 8:55:57 PM, on 7/14/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Documents and Settings\jeff\Local Settings\Temporary Internet Files\Content.IE5\BEJNSKCL\HijackThis1977[1].exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINNT\system32\winnet.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popfu/popfu-ob-assets.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38137.5052314815
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
  8. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    This issue is resolved, how do I close this thread? Not sure
  9. Taz71498
    Offline

    Taz71498 Registered Member

    Re: Spyware Help, log added

    Hello,

    I am so sorry that no one has gotten to you. Are you sure things are resolved? What you had tends to come back if not properly removed. If you would like, post another log and we can take a look.
  10. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    Thanks for the reply. No I'm not certain that all is ok. I am posting HiJack log done today. If someone has time to review and respond that would be great. Thanks for any assistance

    Logfile of HijackThis v1.98.1
    Scan saved at 8:49:30 PM, on 8/2/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Documents and Settings\jeff\Local Settings\Temporary Internet Files\Content.IE5\CHMJSH63\HijackThis1981[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: http://zone.msn.com
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.3.26/popfu/popfu-ob-assets.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    Thanks
  11. Taz71498
    Offline

    Taz71498 Registered Member

    Re: Spyware Help, log added

    Hello,

    Your log looks pretty good.

    This one is a resource hog and if you don't use it alot you can check it and have HJT fix. It only removes the link:

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    This one says there is no file, so you can check that also. Doesn't hurt to leave it either:

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    If you are not experiencing any problems then I say you are clean.

    Here is a link for you to go to that will give you suggestions on how to keep your computer safe:
    http://www.wilderssecurity.com/showthread.php?t=27971
  12. Jeffrey Hager
    Offline

    Jeffrey Hager Registered Member

    Re: Spyware Help, log added

    Hello, Thanx for your reply and advice. I went ahead and and checked / fixed the 2 items you listed. I haven't been having any recent problems. This website has been extremely helpful in suggesting tools and downloads to help clean and protect. WHat a great service. Keep up the GREAT work.
Thread Status:
Not open for further replies.