SPYWAREGUARD PROBLEM

Discussion in 'adware, spyware & hijack cleaning' started by stanley0789, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. stanley0789

    stanley0789 Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    5
    Location:
    LA
    hello:

    The following log is posted after running adaware. While my computer is loading I get a pop up saying SpywareGuard Browser Protection Alert. It states that my IE local machine search page has been changed to www. microsoft.com/isap/redir.dll?pdr=iear=iesearch. I didnt even know I had a search page set up. How do I get rid of this problem so that it doesnt happen every time I start my computer. Your aid would be appreciated.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:56:17 PM, on 7/2/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TDispVol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\SxgTkBar.exe
    C:\Toshiba\Ivp\ISM\pinger.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Caere\OmniPagePro90\opware32.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Iomega QuikSync 3\quiksync3.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\DWIGHT V. HART\Local Settings\Temporary Internet Files\Content.IE5\TF7B15CE\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 05
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [Pinger] C:\Toshiba\Ivp\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [wsock32] C:\WINDOWS\System32\wsock32.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Iomega QuikSync 3.lnk = C:\Program Files\Iomega QuikSync 3\quiksync3.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .kar: C:\Program Files\Internet Explorer\PLUGINS\npvmidi.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .vbs: C:\Program Files\Internet Explorer\PLUGINS\npvmidi.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37916.9343171296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4320/mcfscan.cab
     
  2. stanley0789

    stanley0789 Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    5
    Location:
    LA
    HELLO. WOULD SOMEONE PLEASE REPLY TO MY POST? THANKS........... o_O
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Please be patient :)

    Tick the following item, then choose fix checked and reboot.

    O4 - HKCU\..\Run: [wsock32] C:\WINDOWS\System32\wsock32.exe

    Please send the file wsock32.exe to submit@diamondcs.com.au so I can analyse it

    As for your problem, it seems like you are running a few antispyware programs. One of them may have a "reset homepage" option ? please try to find that, since that is probably the problem - when that certain program starts, it will reset it to the default Microsoft homepage. Then SpywareGuard sees the change and complains..
     
  4. stanley0789

    stanley0789 Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    5
    Location:
    LA
    thanks for the info. i was able to fix my problem..did a search for wsock32.exe and it was not found. one of my programs must have deleted it..sorry.
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi stanley0789,

    Could you please post a new hijackthis log so we can check to be sure it is clean. :)

    Regards,

    snap
     
Thread Status:
Not open for further replies.