Throckmorton3rd Posted October 25, 2004

You guys are amazing, you have answered so many of my questions for me I feel embarrassed to ask another question. I'm still very new to the insides of my computer but lately it's been slowing down & doing some weird things. I've been told I have an infected registry (?) I try to keep my machine as clean as pos by using "spysweeper", "spyware Doctor", but how many anti virus programs do you need?? Anyway my question is this (it was recommended to me to ask you guys): can you look at my HJT log and tell me just how "sick" my machine is, please... Again, I really appreciate all your help. T.

Logfile of HijackThis v1.98.2
Scan saved at 11:33:25 PM, on 25/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Ray Peerless\My Documents\Spyware related\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoal.net.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoal.net.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe
O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm075XXAU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8607F20-093D-47D7-86AA-BCD23672CF79}: NameServer = 203.194.27.57 203.194.56.150
O20 - AppInit_DLLs: PAVWAIT.DLL

Thank you......
red_house Posted October 25, 2004

A good start would be to get rid of MyWebSearch - http://www.mac-net.com/445088.page
Synapse Posted October 25, 2004

Other than the MyWebSearch everything looks OK.
gamehead200 Posted October 25, 2004

Yup, that looks like the only problem! Sometimes, it takes me an hour to get rid of everything, because I first start off by figuring out what everything is, then removing and testing. If everything goes well, then you're all set! I actually did one by remote assistance on Friday night!
Drewdatrip Posted October 25, 2004

Get rid of all your spyware apps and run Spybot Search and Destroy and Lavasoft's Ad-aware. Keep those guys up to date and you will be golden.

As for virus apps, just run one; using many at one time can cause issues.

I would recommend the latest Norton Antivirus or, if you can get your hands on their corp and biz version, Symantec Anti virus aka SAV.

|Drew|
red_house Posted October 25, 2004

I second Drewdatrip's post, but I would also add "SpywareBlaster" from http://www.javacoolsoftware.com/spywareblaster.html - it sits in the registry and prevents these suckers from installing themselves in the first place. It needs to be updated regularly to be effective.
redder Posted October 25, 2004

Dude! By the looks of that log you don't appear to have an AV, that's just DANGEROUS using XP, you should consider downloading one off the internet, and a FW would be good too, even if you don't know much about managing which programs should have access to the internet or not, you would at least see which ones are connected and then you could block the ones that are obvious viruses or spyware. Try AVG as an antivirus, it's free. And look for a firewall that would suit your needs, personally I like Agnitum Outpost (free), but many people prefer Kerio Personal Firewall (also free).
Schadenfroh Posted October 26, 2004

the following is best done in safe mode

O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe
that is not the legit windows file, svchost.exe, the S makes the difference. It is the Backdoor.Zinx Trojan.

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm075XXAU
that is the mywebsearch adware, fix it, then delete its folder

check out the prevention section of my Guide To Malware for tips, info, and links to freeware programs, that can help prevent the infection from happening again.
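The svchosts.exe versus svchost.exe distinction pointed out in the last reply can be checked mechanically. The following is an added example, not part of the original thread: it parses O4 autorun lines from a HijackThis log and flags programs whose file name is a near-miss of a core Windows binary, or that use a real system name from the wrong folder. The `KNOWN` allowlist, the 0.85 similarity threshold and the function names are assumptions made for this illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Constructed sample: five O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
"""

# Assumption: core Windows XP binaries and the only directory each should run from.
KNOWN = dict.fromkeys(("svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                       "smss.exe", "spoolsv.exe"), r"c:\windows\system32")
KNOWN["explorer.exe"] = r"c:\windows"

# "O4 - <location>: [value name] <command>"  or  "O4 - <location>: <shortcut> = <command>"
O4_LINE = re.compile(r"^O4 - [^:]+: (?:\[[^\]]*\] |[^=]*= )?(.+)$")
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)

def executable(command):
    """Return the program path from an autorun command, dropping quotes and arguments."""
    m = EXE_PATH.match(command)
    return ntpath.normpath(m.group(1) or m.group(2)) if m else None

def audit(log_text, threshold=0.85):
    """Flag O4 autoruns that imitate a known system binary by name or by location."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        path = executable(m.group(1)) if m else None
        if not path:
            continue
        name, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
        if name in KNOWN:
            if folder != KNOWN[name]:
                findings.append((path, f"{name} outside {KNOWN[name]}"))
            continue
        for known in KNOWN:
            if SequenceMatcher(None, name, known).ratio() >= threshold:
                findings.append((path, f"look-alike of {known}"))
                break
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

A name-similarity hit only marks an entry for review; confirming what the file is still needs a scanner or a hash lookup.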