Wan Mini/possible spyware?

Discussion in 'adware, spyware & hijack cleaning' started by lightning113, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. lightning113

    lightning113 Registered Member

    Joined: Apr 15, 2004
    Posts: 35
    Location: Western New York
    Hello, I am new to the forum and this is my first post. I am wondering if I have a spyware problem. I switched to cable modem from dial-up (non-broadband) about three weeks ago. The machine has been running great, and about three days ago I couldn't connect and I happened to notice that I had a yellow sign and an exclamation mark at the Wan Mini Port in the Device Manager. When I tried to uninstall it, Windows wouldn't allow it, saying it may be needed to boot the machine. When I tried to roll back the drivers it would say they were not backed up or Windows would not load them. After fooling with the cable modem (unplugged) and rebooting the machine two or three times, it suddenly allowed me to install the drivers and everything worked fine. It just happened again tonight, but it allowed me to connect with the yellow sign and exclamation mark... I then again tried to install drivers and the folder picture showed the drivers loading again, and now it's OK again.

    Can this be related to the way the machine is set up for cable? Or spyware? It's an HP box with plenty of RAM and hard drive space, WinXP, and I keep it pretty clean. There is IE SPYAD, Spywareblaster, Spyware Guard; Windows patches and updates are current, and anti-virus software is up to date. I just ran Adaware ver 6... came up clean. I would like to post a Hijack This log... If someone has some experience with the mini port issue I would appreciate it. Thanks so much in advance.

    Lightning

    Logfile of HijackThis v1.97.7
    Scan saved at 9:00:14 PM, on 4/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\America Online 9.0b\aoltray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Owner\Desktop\PROGRAMS\hijackthis\hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/myPowerPage.cfm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://search.netscape.com/ns/boomframe.jsp?query=adelphia+power+page&page=1&offset=0&result_url=redir%3Fsrc%3Dwebsearch%26requestId%3Da468aac1eeb2d55e%26clickedItemRank%3D1%26userQuery%3Dadelphia%2Bpower%2Bpage%26clickedItemURN%3Dhttp%253A%252F%252Fwww.adelphiapowerpage.com%252F%26invocationType%3D-%26fromPage%3DNSBoom%26amp%3BampTest%3D1&remove_url=http%3A%2F%2Fwww.adelphiapowerpage.com%2F"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\1rrm39hw.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\1rrm39hw.slt\prefs.js)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.adultswim.com
    O15 - Trusted Zone: http://www.anomalies.net
    O15 - Trusted Zone: http://www.cartoonnetwork.com
    O15 - Trusted Zone: http://www.coasttocoastam.com
    O15 - Trusted Zone: http://www.darkplanetonline.com
    O15 - Trusted Zone: http://www.earthfiles.com
    O15 - Trusted Zone: http://www.enterprisemission.com
    O15 - Trusted Zone: http://www.fly.faa.gov
    O15 - Trusted Zone: http://www.libertyforum.org
    O15 - Trusted Zone: http://*.lurkhere.com
    O15 - Trusted Zone: http://www.net-integration.net
    O15 - Trusted Zone: http://www.rense.com
    O15 - Trusted Zone: http://www.surfingtheapocalypse.com
    O15 - Trusted Zone: http://smb.sygate.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://*.www.spywareinfo
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/beta/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB932C4-5791-4B61-AACD-FF9A4D44893B}: NameServer = 205.188.146.146
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002
    Posts: 5,703
    Location: North Carolina, USA
    Hi lightning113,

    Welcome to Wilders!

    Your HJT log is clean. I see no problems with it. I cannot help you with the Wan Mini Port issue, but perhaps one of the other Experts here may be able to help. You may want to ask that question in a more appropriate forum where it will get more response, since you are not having any problems with hijacks.

    Regards,
    Kent
     