
·
Registered
Joined
·
12 Posts
Discussion Starter #1
i started my computer today and realized there was a dialing going on followed by a 1-2-3 beeping kind of sound then sounds of processing.. obviously a dialer..but i don't know what it is or how to remove it. i stopped it by opening network connections (i use windows XP home) and disabling the Local Area Network connection which was enabled, odd because i use dialup to use the internet. When I hit disable the dialer seemed to stop running..or maybe it just quit to try again later as coincidence. Anyway, I got online using my standard dialup connection to look for anti dialer advice, and when i got off after having found nothing and opening Symantec Norton Antivirus to scan (which found nothing) the dialer started again. This time the LAN was already disabled obviously and I had to unplug the phone jack from the wall to stop the dialer. There is no warning, just dialing. I'm downloading Spybot and I will download Hijackthis but I doubt they will help..Any advice? I would like to get rid of this, or at least disable it so it does not cause me trouble.
 

·
Registered
Joined
·
139 Posts
Yup. Sounds like you have a trojan that tries to secretly connect to the internet. Or, you could have a program that is set to connect to the 'net whenever you boot up.

Do you have a firewall? They can alert you to suspicious activity and stop it.

I can't stress enough how important it is to have a firewall these days. It's not enough to have just an antivirus anymore.
 

·
Registered
Joined
·
12 Posts
Discussion Starter #3
have firewall

i have norton personal firewall, but it doesn't seem to help. i don't know how to use it to block outgoing calls. is there a program that will block all calls except your service provider?

also here is the log from Hijackthis
Logfile of HijackThis v1.97.2
Scan saved at 2:49:34 PM, on 10/5/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37289.731724537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11
 

·
Registered
Joined
·
5,955 Posts
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11

You can safely delete all of the above. I think that the 017 entry might be your problem, as it is a browser hijacker with dialing capabilities. The "Updreg" is also a potential for "phone home".

Open HJT, scan, check all of the items above. Make sure that all browser windows are closed, then fix the problems. Reboot.

Let us know how you are doing after this.
 

·
Registered
Joined
·
139 Posts
Do not get rid of the Adobe Gamma. That is tied to the Photoshop software and can be useful to you. It's not hurting anything.

Other than what jgvernonco pointed out, I don't see anything amiss there.

As far as your Norton firewall is concerned, you need to start with high security settings and go from there.
 

·
Registered
Joined
·
12 Posts
Discussion Starter #6
when i deleted 017, internet explorer stopped finding web sites so i turned the computer off, turned it back on and got online - it worked now, and after the scan that line is back. The dialer stopped running after i unchecked most of the options for the LAN connection..but the 017 thing didn't seem to help. Maybe that is the program and it's protecting itself?
 

·
Registered
Joined
·
12 Posts
Discussion Starter #8
here it is

Logfile of HijackThis v1.97.2
Scan saved at 8:28:15 PM, on 10/7/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37289.731724537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11
 

·
Registered
Joined
·
5,955 Posts
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (did I miss this? bad boy! Gotta go!)
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? (and this one is broken, too)

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11

I am confused about why the 017 comes up again; that's really fishy. Would you go to add/remove programs and make sure that there is nothing there that you don't recognize? If in doubt, give it to us, and somebody will recognize it.

017 is actively hijacking your browser

Calling all techs! Why didn't 017 go away? Does anyone recognize this thing?

Anyway, open HJT, run the scan, make sure all browser windows are closed and tell HJT to fix these. Reboot.

Send another log. If that 017 reinstalls itself on the reboot, we'll have to get nasty.
 

·
Registered
Joined
·
4,890 Posts
017 Is needed

That is derived from your TCP/IP settings. Those are the addresses of the nameservers (DNS) that your machine uses to resolve FQDN (Fully Qualified Domain Names, such as www.techsupportforum.com) to IP Addresses.

It is not hijacking anything.
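
The distinction drawn above (an O17 line is the machine's DNS configuration, to be checked rather than deleted) can be turned into a small triage pass over a HijackThis log. This is an added example, not part of any post in this thread; the function names, the verdict labels and the `expected_dns` parameter are assumptions, and the sample log is constructed from lines posted above.

```python
import ipaddress
import re

# Constructed sample: a handful of lines in the format of the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11
"""

# Entry lines look like "O17 - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) tuples for each entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(body):
    """Return the address tokens of an O17 'NameServer = a b' body, or []."""
    m = re.search(r"NameServer = (.+)$", body)
    return re.split(r"[ ,]+", m.group(1).strip()) if m else []


def is_expected(token, expected):
    """True only if token parses as an IP address and is in the expected set."""
    try:
        return ipaddress.ip_address(token) in expected
    except ValueError:
        return False  # a malformed address is never treated as verified


def triage(log_text, expected_dns=()):
    """Label entries that need a human decision; everything else is left alone.

    expected_dns is supplied by the analyst (hypothetical parameter): the
    resolver addresses the ISP or network is known to hand out.
    """
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # Registry entry whose file is gone: stale, safe candidate for cleanup.
            findings.append((section, "orphaned", body))
        elif section == "O4" and body.endswith("= ?"):
            # Scanner could not resolve the shortcut target. Not proof of malice:
            # the Adobe Gamma Loader entry in this thread is one of these.
            findings.append((section, "unresolved-shortcut", body))
        elif section == "O17":
            servers = nameservers(body)
            ok = bool(servers) and all(is_expected(s, expected) for s in servers)
            # Deleting this value removes name resolution, so verify, don't fix.
            findings.append((section, "dns-expected" if ok else "dns-unverified", body))
    return findings


def persisted(before, after):
    """Entries present in both scans, i.e. those that survived fix-and-reboot."""
    after_set = set(parse_entries(after))
    return [e for e in parse_entries(before) if e in after_set]


if __name__ == "__main__":
    for section, verdict, body in triage(SAMPLE_LOG, ["207.251.201.10", "207.251.201.11"]):
        print(f"{section:4} {verdict:20} {body}")
```

The `expected_dns` list should come from the ISP or the connection's own settings, not from the log being checked.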
 

·
Registered
Joined
·
12 Posts
Discussion Starter #11 (Edited)
um

ok, so that would explain why deleting it caused IE not to work. every time I open IE after turning on the computer, 017 reinstalls, be it good or bad. anyway... norton personal firewall seems to have found the dialer (NOW?!) calling it Default Block Netspy Trojan Horse. It told me to use Norton Antivirus to remove it. I've tried but it finds nothing. I use Ad-aware and Spybot also and they seem not to have found what I'm looking for. At least the firewall blocks it..or so it says. It told me the connection could not be traced because it was coming from a computer on my network. I'm guessing that means THIS computer. So..any other ideas? thanks

I'm also very afraid to use a credit card now at places like amazon or ebgames.com..should i worry or not?
 

·
Registered
Joined
·
5,955 Posts
Re: 017 Is needed

Chevy said:
That is derived from your TCP/IP settings. Those are the addresses of the nameservers (DNS) that your machine uses to resolve FQDN (Fully Qualified Domain Names, such as www.techsupportforum.com) to IP Addresses.

It is not hijacking anything.

I actually managed to completely foul up my whois search on that one! I made one error and continued through the entire process!
My apologies all around! The 017 is your ISP!

:upset:
 

·
Registered
Joined
·
5,955 Posts
From the Philadelphia Inquirer:

Things learned along the way. Much to my chagrin, Norton Internet Security recently took to sounding continuous alarms that my computer was infected with the Netspy Trojan horse.

Turned out that the warning was coming up because Windows XP's Fax, which I had just used, raises false alarms in Norton Internet Security or Personal Firewall about the presence of a Trojan horse.

So if you use Fax service, you should configure Norton to stop treating it as a threat.

Doing so, Symantec says, won't stop Personal Firewall or Internet Security from alerting you if a real Trojan horse appears at your gates.

The procedure for quelling Norton's Netspy alarm is outlined in an online article. It is named Rule Default Block Netspy Trojan Horse Matched, but applies to the Windows Fax problem.

On the Web

www.symantec.com/search

(Use Netspy Trojan horse as a search term.)


Is this a possible problem on your system?

PS...since you shop on-line (I do too), let's do one more log to make sure updreg is gone, then I think you will be in good shape.
 

·
Registered
Joined
·
12 Posts
Discussion Starter #14
oops..sorry for posting this as a new thread.

it could be fax i suppose, but the "dialer" stopped dialing originally when i disabled the local area network.. ?? any other clues? what's updreg?


Logfile of HijackThis v1.97.2
Scan saved at 4:50:17 PM, on 10/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37289.731724537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6520FAC-612C-409A-8C07-FBF788229958}: NameServer = 207.251.201.10 207.251.201.11
 

·
Registered
Joined
·
5,955 Posts
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe


Open an HJT log, check these, then, with all browser and explorer windows closed, tell HJT to fix them.

Before you reboot...

delete C:\WINDOWS\Updreg.exe


Reboot

It should be all good !

John
 

·
Registered
Joined
·
12 Posts
Discussion Starter #16
thanks very much. just wondering..uh..i ordered something earlier today before i removed those 3 things..is that bad? also, there's something called uneng..anything to worry about? thanks very much once again!
 

·
Registered
Joined
·
12 Posts
Discussion Starter #18
actually uneng was just a file in the windows directory and i guess i'm paranoid..oh well. anyway, norton personal firewall still alerts me from time to time on bootup that netspy trojan horse has attacked. pretty clueless i am. i don't know why it's only from time to time tho.
 

·
Registered
Joined
·
5,955 Posts
jgvernonco’s recommended security software

Zonealarm Firewall (free edition) Zone Labs:

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Free antivirus software

http://www.avast.com/i_idt_153.html


Spyware blocking programs (free):

Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions).

http://www.javacoolsoftware.com/spywareblaster.html


Spyware Killers (free)!

Spybot Search & Destroy

http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button

Adaware
Ad-aware - Software - Lavasoft

http://www.lavasoftusa.com/software/adaware/

I run both of these, as they occasionally find something that the other did not.

Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource.

Gibson Research Corporation Home Page

http://grc.com/default.htm

The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software is up-to-date. Put a note on your computer reminding you to do it!

Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link:

Microsoft Windows Update

http://v4.windowsupdate.microsoft.com/en/default.asp

Stay safe! Enjoy the WWW!

jg


Another Stupid Computer Newsletter
 