Problems?

Discussion in 'adware, spyware & hijack cleaning' started by DAVIDCOWAN01, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. DAVIDCOWAN01

    DAVIDCOWAN01 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    5
    Please Help me,
    Logfile of HijackThis v1.97.7
    Scan saved at 15:17:36, on 18/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    F:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\windows\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPsdkServ.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\system32\ssoftsrv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\NVATray.exe
    C:\windows\System32\CTHELPER.EXE
    C:\windows\System32\rundll32.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    F:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\windows\System32\RUNDLL32.EXE
    F:\WCESCOMM.EXE
    F:\Program Files\Yahoo!\Messenger\YPager.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Sandra\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - F:\NewzCrawler\NCRSSAuto.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RecSche] C:\TV Capture Card\RecSche.exe /Startup
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AudioHQU] F:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_CC] F:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O8 - Extra context menu item: Subscribe in NewzCrawler - file://F:\NewzCrawler\context.htm
    O9 - Extra button: Newz Crawler (HKLM)
    O9 - Extra 'Tools' menuitem: Newz Crawler (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ¸æb: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ¸æ{: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ôå: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EAFAED5C-31C4-4D63-83CF-8A88DC17E38A}: NameServer = 194.74.65.68 194.72.9.34

    It seems when I go on any website with some ad on it, like Yahoo, all I get is an empty box with that thing in the corner and my computer freezes for anything up to 10 minutes.

    Perhaps there is a problem with something above.
     
    Last edited: Jun 18, 2004
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Well I agree with them in this case, but maybe if you can tell us the symptoms, that will help us pinpoint the problem.

    Regards,

    Pieter
     
  3. DAVIDCOWAN01

    DAVIDCOWAN01 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    5
    I have now listed what problems I am having.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Are you by any chance running the XP firewall and ZoneAlarm alongside?
    To check for the XP firewall, right-click your Internet connection and check under Properties on the Advanced tab.

    Regards,

    Pieter
     
  5. DAVIDCOWAN01

    DAVIDCOWAN01 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    5
    I was running a Windows XP Firewall alongside Zone Alarm but I have disabled that.

    I don't know if this is any different but I still have the same problem. When there is an ad on the page nothing appears and it just says in the box "action cancelled" when I know that it works because I've tried it on another computer. An example would be www.fs2002.com: when the page loads up, on the right hand side is the ad. When it tries to load up I have noticed at the bottom of the page something along the lines of c://windows.........dns error.

    Logfile of HijackThis v1.97.7
    Scan saved at 14:25:14, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\spoolsv.exe
    F:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\windows\System32\nvsvc32.exe
    C:\WINDOWS\System32\PGPsdkServ.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\windows\System32\tcpsvcs.exe
    C:\windows\System32\snmp.exe
    C:\windows\system32\ssoftsrv.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\NVATray.exe
    C:\windows\System32\rundll32.exe
    C:\windows\System32\CTHELPER.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    F:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\windows\System32\RUNDLL32.EXE
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\PROTECT\PR2003.EXE
    F:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.exe
    F:\WCESCOMM.EXE
    C:\Program Files\Atomic Clock Sync\Atomic.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Sandra\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    F1 - win.ini: run=F:\UserData\PR20Y\PR2003.EXE
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - F:\NewzCrawler\NCRSSAuto.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RecSche] C:\TV Capture Card\RecSche.exe /Startup
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AudioHQU] F:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_CC] F:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PR2003] C:\WINDOWS\PROTECT\PR2003.EXE
    O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\NeoImagic Computing\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
    O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\NeoImagic Computing\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
    O8 - Extra context menu item: Subscribe in NewzCrawler - file://F:\NewzCrawler\context.htm
    O9 - Extra button: NTKit (HKLM)
    O9 - Extra 'Tools' menuitem: Network Tools Kit (HKLM)
    O9 - Extra button: Newz Crawler (HKLM)
    O9 - Extra 'Tools' menuitem: Newz Crawler (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ¸æb: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ¸æ{: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for ôå: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EAFAED5C-31C4-4D63-83CF-8A88DC17E38A}: NameServer = 194.74.65.68 194.72.9.34
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    So we can safely conclude there is some kind of adblocker that is being too strict for your taste.

    Now all we have to find out is which program is doing it. Again my first thought would be your firewall.

    Regards,

    Pieter
     
  7. DAVIDCOWAN01

    DAVIDCOWAN01 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    5
    It can't be my firewall. I am using Zone Alarm Pro and I have the ad settings on Off. On some websites I have problems running Java, I think I have some missing components. Also when I go on a website, at the bottom where it displays what is loading, when the words ad.adtracker or ad.... appear, it stops that website. When I search for music on www.dogpile.com I get "The page cannot be displayed" and at the bottom "Cannot find server or DNS Error
    Internet Explorer".
     
    Last edited: Jun 24, 2004
  8. DAVIDCOWAN01

    DAVIDCOWAN01 Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    5
    I think I may have found the problem. My computer keeps going through a proxy. 127.0.0.1
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi David,

    Be careful in pursuing this. 127.0.0.1 is under normal circumstances defined as "local machine", in other words your computer.
    Programs that filter web or mail-content often set this proxy so they can intercept and check the traffic before it is allowed on your computer.

    Regards,

    Pieter
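
Added example (not part of the original thread or of HijackThis itself): a Python comparison of two HijackThis logs, such as the 18/06/2004 and 23/06/2004 scans posted above, listing the running processes and section entries that appear only in the later scan. The function names are chosen for this example, and the two log strings are shortened excerpts of the logs in this thread.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then entry body

def parse_hjt(text):
    """Return (processes, entries): running image paths and {code: set(bodies)}."""
    processes, entries, in_procs = set(), defaultdict(set), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            entries[m.group(1)].add(m.group(2))
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
        elif in_procs and processes:
            in_procs = False             # blank line ends the process list
    return processes, dict(entries)

def diff_scans(old_text, new_text):
    """Report what is present in the newer scan but not in the older one."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    added = {c: sorted(v - old_e.get(c, set())) for c, v in new_e.items()}
    return {"processes": sorted(new_p - old_p),
            "entries": {c: v for c, v in added.items() if v}}

# Shortened excerpts of the 18/06/2004 and 23/06/2004 logs from this thread.
OLD_SCAN = r"""Running processes:
C:\windows\Explorer.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""
NEW_SCAN = r"""Running processes:
C:\windows\Explorer.EXE
C:\WINDOWS\PROTECT\PR2003.EXE

F1 - win.ini: run=F:\UserData\PR20Y\PR2003.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PR2003] C:\WINDOWS\PROTECT\PR2003.EXE
"""

if __name__ == "__main__":
    print(diff_scans(OLD_SCAN, NEW_SCAN))
```

The diff only shows what changed between scans; whether a new entry is wanted software still has to be judged by someone who knows the machine.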
     