Old 02-28-2007, 12:58 PM   #1
Need to evaluate another computer/spyware issues

I am working on a computer next door to my home, and that computer is on dialup. It is relatively new, but has become infected with much spyware/many programs that open automatically when the computer opens. Many popups.

What is a good program that I can download here on my high speed connection and take over there to see what needs to be removed?

Also, I have been on some of these forums that people have run a program and it copied the entire registry, and then they would post the registry online and someone would tell them what would need to happen. If you give the name of that program as well, I'll copy that registry and put it up here for y'all to dissect.

Thanks.

Jeremy
kf4qhk is offline   Reply With Quote
Old 02-28-2007, 02:15 PM   #2

For the spyware program, I would look into Lavasoft's Ad-Aware Second Edition, or Microsoft Defender. Both are really good for spyware deletion and prevention.
medabomb2000 is offline   Reply With Quote
Old 02-28-2007, 02:24 PM   #3

I think the program you're thinking of is HijackThis:
http://www.download.com/HijackThis/3...-10379544.html

And for free anti spyware, I would get Ad-aware:
http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-1

For anti-virus, get AVG Free:
http://www.download.com/AVG-Anti-Vir...ml?tag=lst-0-1
freestyler105 is offline   Reply With Quote
Old 02-28-2007, 02:29 PM   #4

To add to that, Spybot - Search & Destroy is one I use, and it cleans a lot that Ad-Aware doesn't...

http://www.safer-networking.org/

Matt
Mattyl110792 is offline   Reply With Quote
Old 02-28-2007, 03:00 PM   #5

I normally just remove the drive and connect it to my PC, and run the tests that way. I've never heard of AV transfer from 1 drive to another when nothing is actually running on the infected drive.
Raffaz is offline   Reply With Quote
Old 02-28-2007, 03:01 PM   #6

I use AVAST for viruses if you wanted to check for them too; it lets you boot into a special virus-cleaning DOS mode for easier deletion.
Anubis1980 is offline   Reply With Quote
Old 02-28-2007, 03:10 PM   #7

Ok..

Here is the hijackthis logfile!

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:04:38 PM, on 2/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VISION~1\OneTouchMon.exe
C:\WINDOWS\System32\c8d97391.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\psc_mon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\WINDOWS\System32\BMUpdate.exe
C:\Program Files\America Online 7.0e\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EC4AA6D-85DA-BC0E-8018-05149C4CAC4E} - C:\WINDOWS\System32\qysbwmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {593F150D-16E3-1759-50A4-01CF1D8CE6AA} - C:\WINDOWS\System32\wsnfjrm.dll
O2 - BHO: (no name) - {5DC8707F-7D4B-5624-B6A3-0349403B509C} - C:\WINDOWS\System32\hcpboh.dll
O2 - BHO: Plaxo - {81CA3009-6200-4a6d-93C6-F1E9A6821C7F} - C:\Program Files\Plaxo\IE Toolbar\1.0.0.11\plx_tlbr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Plaxo - {81CA3009-6200-4a6d-93C6-F1E9A6821C7F} - C:\Program Files\Plaxo\IE Toolbar\1.0.0.11\plx_tlbr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\OneTouchMon.exe
O4 - HKLM\..\Run: [c8d97391.exe] C:\WINDOWS\System32\c8d97391.exe
O4 - HKLM\..\Run: [xtvikem.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\xtvikem.dll,bwnmkjb
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [uveolcb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uveolcb.dll,sbaahee
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKLM\..\Run: [wwnmzbi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\wwnmzbi.dll,jabnone
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - HKCU\..\Run: [c8d97391.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\c8d97391.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0e\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {3889B933-8E75-74DE-0BC6-404F557E70FA} - http://85.255.115.229/1/gdnUS2312.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photofinale.com/ImageUplo...eUploader3.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
kf4qhk is offline   Reply With Quote
Old 02-28-2007, 03:14 PM   #8

First of all, get him all the latest Windows updates. He's running IE 6, should be 7.

Fix all of these in HijackThis (do it in safe mode):
O4 - HKLM\..\Run: [c8d97391.exe] C:\WINDOWS\System32\c8d97391.exe

O4 - HKLM\..\Run: [c8d97391.exe] C:\WINDOWS\System32\c8d97391.exe

O4 - Startup: .protected

O4 - Global Startup: .protected

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab
freestyler105 is offline   Reply With Quote
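
A first-pass triage of a HijackThis log like the one posted in #7 can be scripted; the following is an added example, not part of any post in this thread and not HijackThis's own logic. It parses the entry lines and flags autoruns, BHOs and ActiveX downloads that match a few heuristics; the rule set and the names `RULES`, `parse` and `triage` are assumptions made for illustration, and a hit is a lead to research, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EC4AA6D-85DA-BC0E-8018-05149C4CAC4E} - C:\WINDOWS\System32\qysbwmj.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [c8d97391.exe] C:\WINDOWS\System32\c8d97391.exe
O4 - HKLM\..\Run: [xtvikem.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\xtvikem.dll,bwnmkjb
O4 - HKCU\..\Run: [c8d97391.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\c8d97391.exe
O16 - DPF: {3889B933-8E75-74DE-0BC6-404F557E70FA} - http://85.255.115.229/1/gdnUS2312.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Illustrative heuristics (assumed for this example): (section, pattern, reason).
RULES = [
    ("O2", re.compile(r"\(no name\).*\\system32\\[^\\]+\.dll$", re.I), "unnamed BHO loaded from System32"),
    ("O4", re.compile(r"rundll32\.exe\s+\S.*\.dll,", re.I), "Run key launches a DLL through rundll32"),
    ("O4", re.compile(r"\\[0-9a-f]{8}\.exe$", re.I), "hex-named executable in autorun"),
    ("O4", re.compile(r"\\Local Settings\\(Application Data|Temp)\\", re.I), "autorun from a user profile data directory"),
    ("O16", re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}/"), "ActiveX download from a bare IP address"),
]

def parse(log):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return [(code, body, [reasons])] for entries matching at least one rule."""
    findings = []
    for code, body in parse(log):
        reasons = [why for sec, rx, why in RULES if sec == code and rx.search(body)]
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

Entries that match no rule, such as the Adobe BHO or the HP service, are left for manual review rather than treated as clean.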