Hijackthis Log - any suggestions? Nasties!

[chad]

I have suffered at the hand of evil viruses! Please help!

I have just reformatted my PC, then loaded XP 2002 and norton AV, plus some spyware progs. Before I went near the internet I did several scans, and all came up clean. I jumped online, all was OK for half an hour or so. Now, my PC chooses a moment to start reacting very slowly, if I click on something it takes up to 4 minutes to open, I cannot CRTL-ALT-DEL and there are other things which act strange!

I use dial-up to connect to the net, and I am not connected continually. When I reloaded windows I was not connected. I was careful to reload my antivirus prog, with new definitions, and anti spyware progs, then do scans, before getting on the net.


I'm running XP 2002 version 5.1 and I have an intel celeron chip 1100mhz. I have no service packs, as the SP2 I 'sourced' could not be installed, something to do with the reg key! (oops) I usually cope allright with my 1100 and 192mb of ram. The problem is not immediate, but happens within an hour or less of internet connection. I have completed a HijackThis scan, and the log is below (if anyone sees something obvious please help! I'm definitely open to suggestions!)


Would SP2 have an immediate impact, should I buy a copy? And does MSN Messenger allow evil nasties in?


Chadz69


Logfile of HijackThis v1.99.1
Scan saved at 1:36:41 PM, on 31/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chad\Desktop\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 -
HKLM\System\CCS\Services\Tcpip\..\{F23BBADF-F974-4FFB-B565-26AFBEA9BB0A}:
NameServer = 203.0.178.191
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation -
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

[dl65]

 chad......you dont seem to have any SP1 installed either . Do you have a legit copy of XP. Assuming your XP is legit , you can have M/S mail you a copy of SP2.

Your hijackthis log looks ok.
Msn messenger will definately let nasties in .....However there are hotfixes that have corrected that I believe .
Were you using messenger just prior to the problems starting ?
How did you manage to get the latest Norton definitions if you werent on-line ?  ............

When I reloaded windows I was not connected. I was careful to reload my antivirus prog, with new definitions, and anti spyware progs, then do scans, before getting on the net.

Which nasty scanners are you using apart from Norton ?

let us know

dl65  

[chad]

Dl 65...

I'm very ashamed... my XP isn't legit!  

I downloaded the Norton definitions at work in the form of an Intelligent Update, and popped them on disk at work. Just open the RAR file and voila! Definitions updated!

And yes, I was on Messenger prior to the problem occurring. Apart from that, would having SP1 and or SP2 fix or improve my system?

I used Spybot, the Microsoft Malicious tool, Spyware Guard and Adaware... these all have good reputations. Nothing came up... do you have any suggestions?

chadz69

[Raptor]

I'm very ashamed... my XP isn't legit!  Embarassed

And yes, I was on Messenger prior to the problem occurring. Apart from that, would having SP1 and or SP2 fix or improve my system?  

It would definitely make it more secure.

[Fed]

The way microsoft is heading I can see nothing but trouble for people with pirated copies of xp.
Buy the real thing & jump through the microsoft hoops or get w2k for next to nothing at the $2 shop.

[Raptor]

The way microsoft is heading I can see nothing but trouble for people with pirated copies of xp.

Which is exactly what Microsoft wants to happen. I do not quite care, though. I have legal OS installed. I do not feel sympathy for someone who is trying to steal software when I paid for it.