New Computer.

[Blink]

HI all, ive just built myself a new computer, its pretty flash and im pretty happy with it. My problem is, i keep contracting spyware and stuff in large amounts. im running adaware, avast, spybot search and destroy. its to the point where if i do an adaware scan each hour im almost guaranteed to have picked up some more. i have no idea what is causing it. ive posted a hijack this log below, appreciate any help i can get. I have no idea what it is that is attracting so much spyware to my computer, im not downloading or anything. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:40:30 PM, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Brendon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gibblets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[CBMatt]

I don't see anything malicious in this log.  I am a bit curious about the following entry, though...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gibblets.com/

Are you familiar with this Gibblets site?  If not, then this is something we should address.



Do you recall any of the the spyware that has been picked up by your scanners?  Are you sure they weren't just Tracking Cookies?  Next time you perform a scan, perhaps you can post a log of the results.  Perhaps it's not as worrisome as you think it is.

Also, do you have a firewall?  If not, you should definitely get one.  I'd be happy to give you some suggestions.




You may want to look into getting SpywareBlaster and SpywareGuard on this computer.  However, don't install these programs until after I see a log from at least one of your malware scanners.  Mainly for curiosity's sake.

[unlovedwarrior]

also to aide get superantispyware


EDIT: oh my my head is a weird shape now like an egg

[Blink]

thanks for the replys, yeah gibblets.com is a gaming forum that i frequent so there is no worries there at all.

you were right on the money with the scans as well. they are in fact tracking cookies, the thing is that i dont understand (as i dont no a lot about spyware) is how can i be getting 7 - 10 tracking cookies after half an hour of browsing trusted sites?

however last week i didnt do a scan for the week and when i did one i found over 95 critical objects that was all sorts of stuff, however at this point i have removed all of those and it seems that only tracking cookies are hitting me at this point.

i dont have a firewall at this point, ive heard good things about comodo.... any thoughts on this?

[Blink]

ive been doing a bit of reading and wondered, is it better to remove avast, put on avg and also the avg antispyware??? if i did this, should i still run ad aware and spybot search n destroy in conjunction with these?

[CBMatt]

Although you know the sites to be trustworthy, they probably still have ads.  And that's where the tracking cookies often come from.  And the sites themselves might be downloading them on your computer for whatever purposes.  It's really nothing to be worried about.  They're just little text files that keep track of a little bit of information.  If you use Spyware Blaster, that will block a lot of the cookies from unwanted sites.  The majority of the ones that do get on your system will be no cause for concern.

Avast vs. AVG is mainly a matter of preference/opinion.  Personally, I greatly prefer AVG and I would suggest switching over to it.  But that's up to you.  Try it out and see if you like it or not.  Either way, I would advise getting the Anti-Spyware.  It's very, very useful and has a load of features.  And yes, you can still use Ad-Aware and Spybot.  Just make sure you don't use them at the same time; let them take turns.

I personally haven't used Comodo, but I also hear good things about it.  It's worth looking into and it's certainly better than just using your Windows Firewall (which you'll want to disable when installing a new one).  ZoneAlarm tends to be more popular, but some people have bad luck with it slowing down their computers.  Just try them (one at a time) and see which suits you best.

[oddjob]

These two tutorials will take you through all you need to help keep a stand alone computer safe (the link to all free downloads are given) .....

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


In addition you can download Superantispyware and/or (IF you are on Windows 2000 or XP) AVG Anti Spyware. They are both excellent scanners and malware removers but the free versions, after the trial periods, don't have any "real time" protection.

Superantispyware > http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

AVG Anti Spyware >
http://www.ewido.net/en/



OJ

[Blink]

thanks heaps for all your help guys. taken a load off my mind. i built a fairly expensive rig so i wanted it to all run smoothly. thanks again.

[CBMatt]

Definitely understandable.  I felt the same way when I first got my current computer, which is what got me interested in malware removal.  I'm glad we could help put your mind at ease.

[oddjob]

Especially with a "self build" like Blink has ... no support to fall back on!


OJ

[unlovedwarrior]

that one con of custom computers but its well worth it to have one...

also if you use forefox you will get less tracking cookies and your online browsering will be better

[CBMatt]

As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.