Is it spyware - I need help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by got2know, Oct 23, 2004.

  1. got2know

    got2know Private E-2

    Hi,

    I am running Windows ME. Here are the symptoms:

    - I login using one of two profiles "John" or "JB"

    - I can't run IE under my "John" user profile. It loads but won't access any website. If I try more than once or twice, it will totally hang.

    - I can run email, Firefox, etc. from my "John" user profile. No problems.

    - I can run everything, including IE from my "JB" user profile.

    I've always run Norton AV and Adaware and a few other protection programs. I downloaded and ran through all the other processes that the "Read me first ..." thread instructed me to. With all the scans, etc., only one thing came up "DSO Exploit found" - which the program fixed (I forget exactly which program found that one).

    So I'm at the point where I downloaded "Hijack This" and ran it (see attached). I'm a little gun-shy about doing the "fixes" and was hoping someone with more experience could view the file and give me some direction.

    If you don't feel this is a Spyware issue, if you could offer any advice on other routes to fix (besides get rid of ME and never use IE) :)

    Thanks.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our guidelines next time. HJT logs must only be posted when we request them and you must shut down browsers and other unnecessary programs anytime you use HJT.

    You may need to post another HJT log from the account that works. I do not see anything obvious here but I do have a couple questions and comments for you:

    1) Check out this link: http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm
    and scroll down to T G D M D.EXE and read about this garbage.

    You have these in your log from it:
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server

    2) The below two are also from your ISP. While not a problem, why give them free advertisement and do you really want them to be your home page?
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
    O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net

    3) This line: O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.155.183.72,206.173.119.72
    shows two IP addresses, possibly for DNS servers. Do you recognize them? Are they in the JB account too?

    Here is who they belong to:
    207.155.183.72 = [ hudson.concentric.net ]
    206.173.119.72 = [ tycho.concentric.net ]

    4) I would have HJT fix the below lines (unless you really know you need them):
    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU) <--- the file is missing anyway, thus you don't need it.
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.44/094f94e56dfa00f89d21/netzip/RdxIE.cab
    O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://manchego/ShorewareDirector/ClientInstall/ShoretelClientInstall.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?305\

    This next one is again due to your ISP:
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
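
Added example (not part of chaslang's post and not MajorGeeks tooling): a small Python triage pass over HijackThis lines quoted in the reply above. It notes the "(file missing)" marker and lists the O17 name servers for confirmation, as the reply does. The O16 checks (download URL on a bare IP or a single-label host) are heuristics assumed for this example, not criteria stated in the thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log excerpts quoted in the thread.
SAMPLE = r"""
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.44/094f94e56dfa00f89d21/netzip/RdxIE.cab
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://manchego/ShorewareDirector/ClientInstall/ShoretelClientInstall.ocx
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.155.183.72,206.173.119.72
"""

LINE = re.compile(r"^(?P<sec>[ORF]\d+) - (?P<body>.+)$")  # e.g. "O16 - DPF: ..."
URL = re.compile(r"https?://\S+")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def review(line):
    """Return (section, notes) for one HijackThis line; notes are items to verify by hand."""
    m = LINE.match(line.strip())
    if not m:
        return None
    sec, body, notes = m["sec"], m["body"], []
    if "(file missing)" in body:
        notes.append("target file missing")
    if sec == "O16":  # downloaded ActiveX control: look at where it came from
        url = URL.search(body)
        host = urlparse(url.group()).hostname if url else None
        if host and is_ip(host):
            notes.append(f"ActiveX downloaded from bare IP {host}")
        elif host and "." not in host:
            notes.append(f"ActiveX downloaded from single-label host {host}")
    if sec == "O17":  # DNS override: each server should be one the user recognizes
        servers = [s.strip() for s in body.partition("=")[2].split(",") if s.strip()]
        notes += [f"confirm DNS server {s} is one you recognize" for s in servers]
    return sec, notes

def review_log(text):
    return [r for r in map(review, text.splitlines()) if r]

if __name__ == "__main__":
    for sec, notes in review_log(SAMPLE):
        print(sec, notes or ["no heuristic note"])
```

A line that produces no note is not cleared by this pass; it only means none of these three checks applied.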
     
  3. got2know

    got2know Private E-2

    Thanks for the info and advice. Sorry about the premature .txt attachment.

    I compared the "Hijack This" scans for both profiles. Everything running on John was also running on JB.

    I ended up starting to have other issues with Explorer, too. Finally, I just said forget it, decided it was time for an upgrade and reformatted and installed XP.

    I'd been having a lot of other non-related issues that were related to Me. So this was just the last straw to push me to upgrade.

    Thanks for the help, though.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! But you should get all of your Windows Updates to XP asap or you can run into problems again. Also, it would be good to do the remainder of the steps in the following thread too: How to Protect yourself from malware!
     
