iansnooke

May 8, 2007

A man walks into the kitchen with a duck under his arm and says : " This is the pig that I've been doing the last 20 years. " His wife says to him : " Thats not a pig, it's a duck! " He replies: " I was talking to the duck. "

I hope this joke is acceptable.

May 8, 2007

Well, the first time that I touched a pc was when I was 17. I'm now 23 and its really just in this past year or so that I really got to play on a pc. So just about 90 percent of my knowledge is thanks to a french guy ( who cant speak a word of english ) who is a computer technician. So Imagine all the dumb moments I'm feeling, trying to learn computers and french!!

Btw I'm from South Africa, and never heard french before untill 18. Immigrated when I was 21.

May 8, 2007

No problem, here we go.

Logfile of HijackThis v1.99.1

Scan saved at 10:28:53 AM, on 2007/05/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Documents and Settings\snookedoggydog\Mes documents\Computers\Computer safety\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.za

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.za

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.za

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{621003E4-F62B-4890-9899-CC2257A751FB}: NameServer = 212.27.32.176,212.27.32.177

O17 - HKLM\System\CCS\Services\Tcpip\..\{671C48EE-DB87-49DB-AB92-53ACB6BF0AA1}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{621003E4-F62B-4890-9899-CC2257A751FB}: NameServer = 212.27.32.176,212.27.32.177

O17 - HKLM\System\CS3\Services\Tcpip\..\{621003E4-F62B-4890-9899-CC2257A751FB}: NameServer = 212.27.32.176,212.27.32.177

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

You will see that Kaspersky is not on there. I turned it off because its outdated and its asking me for my product key. Problem is, not that long ago my motherboard fried and I replaced it, but in the process cant find my key.

Anyways, thanx!

May 7, 2007

Hi! Well, I was playing around my options in the firfox browser and saw that the sites where the popups comes from, was somehow authorised. So I deleted that lists and no more popups. Dont know how they got athourised, but they gone now.

May 5, 2007

Log is actually looking really good, seems we may have done it with one fell swoop.
I do have a couple of question about 2 of the programs you show installed.
WinVNC4 Did you install this?? If so that's fine I just remember it (or a version of it) used to be installed by some trojans for THEIR manipulation of the computer. If YOU installed it and it's used properly/securly it's a fine program.
SpywareBot...Not a lot of info specifically on this but many reference as "program of dubious origin". It seems it and another program that this is/was based on were, IN THE PAST, listed as rougue/suspect program on MWW. Note the emphesis on in the past....They are not longer listed as such. It just with ALL the known/great Anti-malware programs around using one that has any doubts about it seems.......... you fill in the blank. But if YOU like it and have had no trouble with it feel free to say so. The more good review that a prog like this get will only serve to bring it out of the shadow of suspicion it is under from past assocations.
Take a day or so to see how the computer is running and then post with any comments and complaints and a final (?) HJT log.

Thanks a lot for your help. Avg found a trojan that adaware se didnt or couldnt. I still have the popup problem though. I did install vnc, found it usefull in my neighbourhood ( that meaning my wife who calls me every two minutes to look at something on her pc ) Spywarebot? I installed spybot sd, spywaregaurd ( thats very good against browser hijacking and spywareblaster ( wich I think I will uninstall ).

I will post another log in a few days time and give my pc time to see what happenes. But thanks again! You guys are great!

May 3, 2007

Also, the problem with the spreadsheet is that it runs on the worldcup, i wanna do one for the local team. Thanks anyway!

May 3, 2007

Firstly, thanx a lot! it just goes to show, its not what u know, but who u know ( in my case, met ) :thumbsup:

new hjt log:

Logfile of HijackThis v1.99.1

Scan saved at 10:43:23 AM, on 2007/05/03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\MICROS~2\OFFICE11\WORDVIEW.EXE