Home network problem

Discussion in 'adware, spyware & hijack cleaning' started by Fraha, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hi all! Greetings from the Netherlands ;)

    As the next problem is probably related to some setting in a spyware program I'll ask here...

    I have an XP system and a Win 2000 system in a homenetwork called "thuisnet" I use an ADSL modem and a Router from Draytek, the Vigor 2200E.
    This home network is not working properly anymore. Since some time now the win 2000 system cannot look on my Harddisks. The share option is ok on my system. The little hand is visible on all HD's i want to share.
    There is no problem going to the internet on both machines either.

    So, where do i look and what can i try to fix?

    Need more info? ASK! :D

    Any takers?

    Frans
     
  2. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Can you do this for the 2000 machine:
    Please go to this link ,read the tuturial and download Hijackthis.
    http://www.mjc1.com/mirror/hjt/

    Do not fix anything yet. Most items are harmless and necessary for windows.

    Post your hijackthis log here.

    do you have any software firewalls on any of the machines?
     
  3. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hi and thanks for the reply.

    Yes I do have a firewall, but this has always been the case! I use norman AV and firewall and also a firewall within the draytec router.

    Here's the hJT:

    Logfile of HijackThis v1.97.7
    Scan saved at 0:12:06, on 10-3-2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norman\NPF\NPFSVICE.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Norman\NPF\NPFMSG.EXE
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\United Devices\UD.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\MultiPro\MultiPro.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Program Files\United Devices\ud_6800466.exe
    C:\Program Files\United Devices\ud_6800466_0.dir\ud_ligfit_Release.exe
    C:\wincmd\WINCMD32.EXE
    C:\HijackThis\HijackThis.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fun4u.101.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
    O4 - Startup: Outlook Express starten.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Startup: MultiPro.lnk = C:\Program Files\MultiPro\MultiPro.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\NPFMSG.EXE
    O9 - Extra button: WIC Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: WIC Messenger (HKLM)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6131712963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

    Eagerly awaiting your comment!

    Regards

    Frans
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Fraha :)

    I can't help u with your log but i see that u have Messenger Plus 2! installed on your system.

    Take a look at this link,

    http://www.spywareinfoforum.com/newsletter/archives/june-2003/3.php

    u may want to get rid of it. ;)

    Hope this helps.



    snowbound
     
  5. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    If this program is a problem, how come the spybot does not 'see' this?

    Do I have a wrong setting in that program?

    Frans
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    MessengerPlus itself is not a problem. It is the software that gets bundled that is spyware.
    Either you paid attention during install or removed the spyware afterwards. ;)

    Regards,

    Pieter
     
  7. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    ok, thanks, but how does the rest of the hijackthis logfile looks to you?

    All clean?

    Frans
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Yep,

    Pieter
     
Thread Status:
Not open for further replies.