|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
12-08-2006, 01:28 AM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Generic Host Process Win32 Error Bugs Me
Hi,
This is the basic problem I am getting(quoting from my previous thread):  I am on XP SP2 P4 2.6 GHz and 512 MB RAM. I am frequently getting this error for about a month now. When I click for details this is what I get: Error Signature: EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6 P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 411096ac P7 : 0000a3c0 P8 : c0000409 P9 : 00000000 Technical Information: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER5b1d.dir00\svchost.exe.mdmp C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER5b1d.dir00\appcompat.txt All of a sudden this error pops out and what it does is that if i click on "Close" button. my broadband internet connection stops. The status shows connected but I am not able to open any sites then and if I just ignore this error by dragging it to one side without closing it, i get the same problem with my internet after a few minutes i.e. I am unable to open any sites. I have to restart the PC before I can access the net again. Everything else seems to work normally except the net. I have discussed this problem in this thread earlier: Generic Host Process Win32 Error Bugging Me Following the advice I am posting the HJT log here. First i'd state here how I went about the procedure which I followed to get the HJT log. As instructed I started in Safe Mode and scanned with Spybot S&D and found about 4 main problems and removed them. Adaware didnt find anything nor my Kaspersky Anti Virus. I rebooted normally and enabled everything in msconfig's startup option. When I started HJT(Ver. 1.99.0.1) scan it first gave me an error and then ran normally. I am posting the error and HJT log as follows: An unexpected error has occurred at procedure: modMain_CheckOther1Item() Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. Logfile of HijackThis v1.99.1 Scan saved at 2:45:24 PM, on 12/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\wscntfy.exe C:\HJT\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Raminder's Net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Please help me in this regard. Thanks in advance. Regards... |
|
     |
| Sponsored Links |
|
12-12-2006, 08:35 PM
|
#3 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Hello, and welcome to the HijackThis Help Forum.
Apologies for any delay in replying, but we have been rather busy lately. Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance. Thank you.
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.  UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-12-2006, 10:51 PM
|
#4 (permalink) | |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Quote:
Thanks for the reply mate, i needed it bad! here's the latest HJT scan log: Logfile of HijackThis v1.99.1 Scan saved at 12:19:19 PM, on 12/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Raminder's Net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe |
|
|
|
|
|
12-13-2006, 07:37 PM
|
#5 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Okay, just run through a few scans to see what turns up. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Download CleanUp! Download and install CleanUp! but do not run it yet. WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp! WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it. Download AVG Anti-Spyware Please download, install, and update AVG Anti-Spyware.
Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentPlease remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Run CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Run AVG Anti-Spyware
Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan.
Download Autoruns
Generate An Uninstall List
With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-14-2006, 02:05 AM
|
#6 (permalink) |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Thanks for the instructions Deckard. Here are the results:
1. AVG Anti-Spyware scan report: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 1:36:37 PM 12/14/2006 + Scan result: C:\Program Files\Total Video Converter\patch.exe -> Backdoor.Bifrose.aas : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\Tmpgenc.2.524.63.81\bgbtmp25.zip/cracker.exe -> Downloader.INService.ja : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\tmpg dvd author1,6,34,89\Pegasys[1].TMPGEnc.DVD.Author.v1.6.34.89-DVT.ZIP/cracker.exe -> Downloader.INService.ja : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\FaceOnBody_v[1].2.2.1.rar/FaceOnBody_v.2.2.1\FaceOnBody_v.2.2.1\Crack.eXe -> Logger.Bancos.kq : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\Multimedia\Dj software BPM oledetc\MJ Studio 1.16\crack.exe -> Logger.Banker.zn : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Serb SoftwareS\visual_mp3_splitter_joiner.rar/mp3_splitter_joiner.exe -> Logger.Delf.ta : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213566.dll -> Logger.Peflog.30 : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213569.dll -> Not-A-Virus.Monitor.Win32.Perflogger.ab : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213564.exe -> Not-A-Virus.Monitor.Win32.Perflogger.ad : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213565.dll -> Not-A-Virus.Monitor.Win32.Perflogger.al : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213567.exe -> Not-A-Virus.Monitor.Win32.Perflogger.an : Cleaned with backup (quarantined). C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP116\A0213568.exe -> Not-A-Virus.Monitor.Win32.Perflogger.aq : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\asterwin.exe -> Not-A-Virus.PSWTool.Win32.AsterWin.a : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\dialupass.exe -> Not-A-Virus.PSWTool.Win32.Dialupass.f : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\netpass.exe -> Not-A-Virus.PSWTool.Win32.NetPass.b : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\Netscapass.exe -> Not-A-Virus.PSWTool.Win32.NetScaPass.a : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Utilities\Mix_3 SOFTWARES.rar/Pass Crackers\NIRSOFT\pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\Multimedia\winamp plugins and dfx\DFX PATCH For All.zip/DFXCrack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined). E:\Format Essentials\Format Essentials DvD New July-27-2006\Utilities\Trial Reset\Trial_Reset[1].v2.5.rar/Trial-Reset.v2.5\Trial-Reset.v2.5.exe -> Trojan.LdPinch.abn : Cleaned with backup (quarantined). ::Report end 2. Panda scan report: Incident Status Location Adware:adware/ist.istbar Not disinfected Windows Registry 3. Autoruns log: Administrator - Thu 12/14/2006@15:31:04.90 running from C:\Documents and Settings\Administrator\Desktop\GenErrorFix Files\Autoruns\ Other users of this machine: * Raminder ---------------------------------------------------------------------------------- HKLM\System\CurrentControlSet\Services AVG Anti-Spyware Guard AVG Anti-Spyware guard (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe AVP Provides protection against computer viruses and spyware, hacker attacks, cyber-crime and spam. (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe btwdins Bluetooth Support Server (Not verified) WIDCOMM, Inc. c:\program files\widcomm\bluetooth software\bin\btwdins.exe HKLM\System\CurrentControlSet\Services AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys AvgAsCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys BTKRNL Bluetooth Protocol Driver for Windows 2000 (Not verified) WIDCOMM, Inc. c:\windows\system32\drivers\btkrnl.sys BTSERIAL c:\windows\system32\drivers\btserial.sys BTSLBCSP Bluetooth Serial Driver for Windows 2000 (Not verified) WIDCOMM, Inc. c:\windows\system32\drivers\btslbcsp.sys BTWUSB Driver for Bluetooth USB Devices (Not verified) WIDCOMM, Inc. c:\windows\system32\drivers\btwusb.sys imagedrv NERO IMAGEDRIVE SCSI miniport (Not verified) Ahead Software AG c:\windows\system32\drivers\imagedrv.sys imagesrv Nero Image Server (Not verified) Ahead Software AG c:\windows\system32\drivers\imagesrv.sys InCDPass File not found: system32\drivers\InCDPass.sys InCDRm File not found: system32\drivers\InCDRm.sys JiaoCap JiaoVideoCap Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\jiaocap.sys JiaoIO JiaoIO Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\jiaoio.sys kl1 Kaspersky Unified Driver (Not verified) Kaspersky Lab c:\windows\system32\drivers\kl1.sys klif spuper-ptor (Not verified) Kaspersky Lab c:\windows\system32\drivers\klif.sys pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys sm Secretmaker driver (Not verified) Secretmaker AG c:\windows\system32\drivers\sm.sys SMBios Intel(R) System Management BIOS Driver (Not verified) Intel Corporation c:\windows\system32\drivers\smbios.sys TSP spuper-ptor (Not verified) Kaspersky Lab c:\windows\system32\drivers\klif.sys windrvNT c:\windows\system32\windrvnt.sys ZSMC301b Video streaming and Capture Device Driver (Not verified) VM c:\windows\system32\drivers\usbvm31b.sys HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify klogon Logon Visualizer (Not verified) Kaspersky Lab c:\windows\system32\klogon.dll WRNotifier File not found: WRLogonNTF.dll HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors Bluetooth Printer Port bthcrp DLL (Not verified) WIDCOMM, Inc. c:\windows\system32\bthcrp.dll Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll kldialhk (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 6.0\adialhk.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run kis Kaspersky Anti-Virus (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe !AVG Anti-Spyware AVG Anti-Spyware (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe HKLM\SOFTWARE\Classes\Protocols\Filter application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components 0 File not found: About:Home HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup BTTray.lnk Bluetooth Tray Application (Not verified) WIDCOMM, Inc. c:\program files\widcomm\bluetooth software\bttray.exe Task Scheduler AppleSoftwareUpdate.job Software Application (Not verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects AcroIEHlprObj Class AcroIEHelper Module (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx {53707962-6F74-2D53-2644-206D7942484F} Bad download blocker (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdhelper.dll IeHelper Class Secretmaker popup blocker (Not verified) Secretmaker c:\windows\system32\smiehlp.dll Google Toolbar Helper Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar3.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Display Panning CPL Extension File not found: deskpan.dll WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll WinRAR shell extension c:\program files\winrar\rarext.dll My Bluetooth Places BTNeighborhood DLL (Not verified) WIDCOMM, Inc. c:\windows\system32\btneighborhood.dll PhoneBrowser Phone Browser (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll Message View Phone Browser Message View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\messageview.dll NeroDigitalIconHandler Nero Digital Shell Extension (Not verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll NeroDigitalPropSheetHandler Nero Digital Shell Extension (Not verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll Haali Column Provider c:\program files\haali\matroskasplitter\mmfinfo.dll Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll Right Click Image Converter Extension c:\program files\kristanix\right click image converter\extrcic.dll GMail Drive GMail File System Shell Namespace Extension (Not verified) Bjarke Viksoe c:\windows\system32\shellext\gmailfs.dll GMailFS Property Sheet GMail File System Shell Namespace Extension (Not verified) Bjarke Viksoe c:\windows\system32\shellext\gmailfs.dll GMailFS Drop Handler GMail File System Shell Namespace Extension (Not verified) Bjarke Viksoe c:\windows\system32\shellext\gmailfs.dll GMailFS Context Menu GMail File System Shell Namespace Extension (Not verified) Bjarke Viksoe c:\windows\system32\shellext\gmailfs.dll Web Anti-Virus Script Monitor Internet Explorer plugin (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 6.0\scieplugin.dll AZR Context Menu Shell Extension ShellExt Module c:\program files\azr\azrshl.dll IZArc DragDrop Menu c:\program files\izarc\izarccm.dll IZArc Shell Context Menu c:\program files\izarc\izarccm.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers Haali Column Provider c:\program files\haali\matroskasplitter\mmfinfo.dll NeroDigitalColumnHandler Class Nero Digital Shell Extension (Not verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar googletoolbar3.dll Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar3.dll HKLM\Software\Microsoft\Internet Explorer\Extensions @btrez.dll,-4017 c:\program files\widcomm\bluetooth software\btsendto_ie.htm Yahoo! Messenger Yahoo! Messenger (Verified) Yahoo! Inc. c:\program files\yahoo!\messenger\yahoomessenger.exe 4. Uninstall list: µTorrent Active Web Reader 2.45 Ad-aware 6 Personal Ad-aware 6 Professional Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Photoshop CS2 Advanced Zip Repair v1.7 Anim-FX Apple Software Update AV Bros. Page Curl Pro 2.1 (Remove Only) AVG Anti-Spyware 7.5 Azureus Blaze Media Pro Buddy Spy 2.2.10 CCleaner (remove only) CleanUp! DFX for Winamp EF Duplicate Files Manager FLV Player 1.3.3 Folder Lock 5.6.1 Framing Studio 1.35 GMail Drive Shell Extension Google Talk (remove only) Google Toolbar for Internet Explorer Hide IP Platinum 3.1 High Definition Audio Driver Package - KB888111 HijackThis 1.99.1 ImageHigh Uploader v0.1 Intel(R) Graphics Media Accelerator Driver Intel(R) PRO Network Adapters and Drivers IZArc 3.5 beta 3 J2SE Runtime Environment 5.0 Update 4 Kaspersky Internet Security 6.0 LimeWire 4.12.6 MakeTorrent v2.1 Media Studio for Nokia 2.5 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft Office Professional Edition 2003 Mozilla Firefox (1.5.0.8) Mozilla Thunderbird (1.5) Mp3 Filter MP3 Sound Cutter 1.40 MSConfig CleanUp 1.0 Nancarrow MultiPic Nero 7 Demo Nero Suite Nokia Connectivity Cable Driver Nokia Multimedia Converter Pro v2.0 Nokia PC Suite Panda ActiveScan Photomatix Pro version 2.2.2 PhotoWatermark Professional Picget 2.5 PowerDVD Premium Clock version 2.35 QuickTime Real Alternative 1.41 Realtek High Definition Audio Driver Right Click Image Converter Riva FLV Encoder 2.0 Secretmaker (remove only) Skype 2.5 SmartMovie Converter (for Symbian phones) Spybot - Search & Destroy 1.4 Subtitle Workshop 2.51 SUPER © Version 2006.19 (FIX) Total Video Converter 3.01 TweakNow PowerPack 2006 Professional Tweakui Powertoy for Windows XP Update for Windows XP (KB894391) USB PC Camera 301P USB Web Camera Driver Video Converter 3 VideoLAN VLC media player 0.8.5 Website Ripper Copier WIDCOMM Bluetooth Software Winamp (remove only) WinASO Registry Optimizer 2.7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 WinRAR archiver WinZip WordWeb Pro XMLinst Yahoo! Messenger Zip Repair Pro Zip Repair v1.0 5. New HiJackThis log: Logfile of HijackThis v1.99.1 Scan saved at 3:34:24 PM, on 12/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Raminder's Net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E3A219D-9D32-45A2-8BDD-C2C5E848F12E}: NameServer = 218.248.255.193 218.248.255.145 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ------------------------------------------------------------------------ Waiting for your response now :) Regards |
|
|
|
|
12-14-2006, 07:05 PM
|
#8 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
We don't recommend using any sort of cracks or illegal software here. We are not here to pass judgment; however, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
I also see you have P2P software (i.e. µTorrent, Azureus, LimeWire) installed on your machine. Like cracked software, we are not here to pass judgment on file-sharing as a concept but it carries the same warnings --engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. Download FixISTBar Please download the ISTBar removal tool from Symantec to your Desktop and run it. Download SilentRunners Please download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts. Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete. When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply. Deletions Delete the following Files indicated in RED if they still exist. E:\Format Essentials\Format Essentials DvD New July-27-2006\After Writing\Serb SoftwareS\visual_mp3_splitter_joiner.rar Download GMER Download GMER and extract it to your desktop. Double-click gmer.exe to run it and select the Rootkit tab. Press scan. When it has finished, press copy and paste the log back here. Online Scan Please perform an BitDefender Online Scan using Internet Explorer. Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results". Please do so and save it to your desktop. Copy and paste the results of the scan with your next post. With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-15-2006, 01:11 AM
|
#9 (permalink) |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Thanks for the warnings and suggestions. I will make sure that other person using this computer should read the instructions too. :) I really appreciate your valuable suggestions.
Here are the latest reports: 1. SilentRunners Report: "Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "kis" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"] "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {A491D208-B353-490F-B81A-A8A3DC97042D}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeHelper Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\smiehlp.dll" ["Secretmaker"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "My Bluetooth Places" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data] "{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}" = "Right Click Image Converter Extension" -> {HKLM...CLSID} = "Right Click Image Converter Extension" \InProcServer32\(Default) = "C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll" [null data] "{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive" -> {HKLM...CLSID} = "GMail Drive" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet" -> {HKLM...CLSID} = "GMailFS Property Sheet" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler" -> {HKLM...CLSID} = "GMailFS Drop Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"] "{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu" -> {HKLM...CLSID} = "GMailFS Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus" -> {HKLM...CLSID} = "Web Anti-Virus" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"] "{47190BD5-7500-485A-95F1-7BC95AA51A6F}" = "AZR Context Menu Shell Extension" -> {HKLM...CLSID} = "AZRCtxMenu Class" \InProcServer32\(Default) = "C:\Program Files\AZR\AZRSHL.dll" [empty string] "{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu" -> {HKLM...CLSID} = "IZArc DragDrop Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data] {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"] Right Click Image Converter\(Default) = "{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}" -> {HKLM...CLSID} = "Right Click Image Converter Extension" \InProcServer32\(Default) = "C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoDesktop" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoActiveDesktop" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} "NoViewContextMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoSaveSettings" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don't save settings at exit} "NoSMMyDocs" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove Documents menu from Start Menu} "NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoSMMyPictures" = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove My Pictures icon from Start Menu} "NoFind" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoChangeStartMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoToolbarCustomize" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbar buttons} "NoFileMenu" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoSMHelp" = (REG_BINARY) hex:01 00 00 00 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove Help menu from Start Menu} "Mn@iboddPubswLfov" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "Mn@mlrf" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "MnOndNeg" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "MnQtm" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "NoInternetOpenWith" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} "Ghp`amfUbrhLds" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Policies\Microsoft\Windows\System\ "DisableCMD" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup "BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Web Anti-Virus" {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {CCA281CA-C863-46EF-9331-5C8D4460577F}\ "ButtonText" = "@btrez.dll,-4015" "MenuText" = "@btrez.dll,-4017" "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ "ButtonText" = "Yahoo! Messenger" "MenuText" = "Yahoo! Messenger" "Exec" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."] FTP Publishing, MSFtpsvc, "C:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS] Kaspersky Internet Security 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Bluetooth Printer Port\Driver = "bthcrp.dll" ["WIDCOMM, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 85 seconds. ---------- (total run time: 136 seconds) The link provide by you for GMER didnt work so I downloaded the file from this place: Code:
http://www.majorgeeks.com/GMER_d5198.html GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2006-12-15 12:28:47 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2 SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296] Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.12 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP AAB2E6C0 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP AAB2EB50 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!KiDispatchInterrupt + BA 80540ABA 7 Bytes JMP AAB30E10 \??\C:\WINDOWS\system32\drivers\klif.sys ---- Threads - GMER 1.0.12 ---- Thread 4:156 82696950 Thread 4:160 82676C60 Thread 4:164 82676C60 ---- Files - GMER 1.0.12 ---- File C:\sccfg.sys ADS C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\fifo.log:KAVICHS ADS C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\RP118\A0213694.exe:KAVICHS ADS C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\_driver.cfg:KAVICHS ADS C:\System Volume Information\_restore{74256105-3019-40EB-B61A-8AB333000E7E}\_filelst.cfg:KAVICHS ---- EOF - GMER 1.0.12 ---- 3. BitDefender Report: Code:
The file was saved as HTML and I could not paste it properly. Here I have copy pasted the different sections 1 by 1. This is the complete report without any ommissions. Scan report generated at: Fri, Dec 15, 2006 - 14:15:07 Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\; Statistics: Time 01:38:10 Files 516085 Folders 6433 Boot Sectors 5 Archives 6755 Packed Files 49847 Results Identified Viruses 3 Infected Files 4 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 4 Engines Info Virus Definitions 339113 Engine build AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19) Scan plugins 14 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Here are scanned files with their status respectively: E:\TMPGEnc-2.524.63.181-Free\Template\Extra\Vidas\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Infected with: Worm.Epoc.Skulls E:\TMPGEnc-2.524.63.181-Free\Template\Extra\Vidas\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Disinfection failed E:\TMPGEnc-2.524.63.181-Free\Template\Extra\Vidas\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Deleted E:\TMPGEnc-2.524.63.181-Free\Template\Extra\Vidas\SiS Files\FreakSysIcons.sis Update failed E:\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Infected with: Worm.Epoc.Skulls E:\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Disinfection failed E:\SiS Files\FreakSysIcons.sis=>FREAKMENU.APP Deleted E:\SiS Files\FreakSysIcons.sis Update failed E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\DVD rip and burn\DVDrnb40.exe=>(Instyler o)=>(Instyler Module 2)=>(CAB Sfx o)=>v2.0.2.cab=>NHelper.dll Detected with: Application.Browser.Hijacker.NavExcel.SearchToolbar E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\DVD rip and burn\DVDrnb40.exe=>(Instyler o)=>(Instyler Module 2)=>(CAB Sfx o)=>v2.0.2.cab=>NHelper.dll Disinfection failed E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\DVD rip and burn\DVDrnb40.exe=>(Instyler o)=>(Instyler Module 2)=>(CAB Sfx o)=>v2.0.2.cab=>NHelper.dll Deleted E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\DVD rip and burn\DVDrnb40.exe=>(Instyler o)=>(Instyler Module 2)=>(CAB Sfx o)=>v2.0.2.cab Update failed E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\tmpg dvd author1,6,34,89\Pegasys[1].TMPGEnc.DVD.Author.v1.6.34.89-DVT.ZIP=>cracker.exe Infected with: Trojan.Isbar.342 E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\tmpg dvd author1,6,34,89\Pegasys[1].TMPGEnc.DVD.Author.v1.6.34.89-DVT.ZIP=>cracker.exe Disinfection failed E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\tmpg dvd author1,6,34,89\Pegasys[1].TMPGEnc.DVD.Author.v1.6.34.89-DVT.ZIP=>cracker.exe Deleted E:\Format Essentials\Format Essentials DvD New July-27-2006\DvD - VcD Tools\tmpg dvd author1,6,34,89\Pegasys[1].TMPGEnc.DVD.Author.v1.6.34.89-DVT.ZIP Updated ---------------------------------------------------------------------- New HiJackThis log taken after BitDefender had finished: Logfile of HijackThis v1.99.1 Scan saved at 2:25:40 PM, on 12/15/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Raminder's Net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E3A219D-9D32-45A2-8BDD-C2C5E848F12E}: NameServer = 218.248.255.193 218.248.255.145 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ------------------------------------------------------------- :) Waiting for your reply. Thanks |
|
|
|
|
12-15-2006, 09:03 PM
|
#10 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
After doing some research, I think this one is solved by simply patching your machine. It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.
Do that for me and see if the problem goes away. Also, is your firewall turned on?
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-16-2006, 03:50 AM
|
#11 (permalink) | |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Quote:
I am using Kaspersky Internet Security as my primary defence but after this error, Kaspersky has also started to behave abnormally. e.g. now i cannot update its signatures. Could you please also suggest a good Anti Virus other than Kaspersky which I should use or to put it in other words please suggest me the best possible defence combination i.e. Anti Virus + Any anti spyware and plus any additional security tool/s which I should use. Thanks :) |
|
|
|
|
|
12-16-2006, 01:26 PM
|
#12 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
What are the contents of C:\WINDOWS\system32\drivers\etc\ hosts?
The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.
Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-17-2006, 12:47 AM
|
#13 (permalink) | |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Quote:
Thanks for all the recommendations on AVs and Firewalls :) |
|
|
|
|
|
12-17-2006, 12:25 PM
|
#14 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Were you able to patch? Did replacing your AV and firewall help?
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-17-2006, 10:19 PM
|
#15 (permalink) | |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Quote:
|
|
|
|
|
|
12-18-2006, 07:15 PM
|
#16 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Good. I don't think it will as long as you have the firewall up and working. Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address.
Reset hidden/system files and folders
Reset System Restore
Re-enable Protection Turn back on any malware prevention tools we might have had you switch off. Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against these recent critical exploits: Enable Windows Auto Update:
Update Java You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Tool Deletions Feel free to remove these tools and their folders:
Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Antivirus AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.
Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-19-2006, 05:12 AM
|
#17 (permalink) |
|
Registered User
Join Date: Jul 2006
Location: India
Posts: 91
OS: XP Pro - SP2
|
Thanks once again for all the suggestions. I'll make all the updates and will also install Anti Spyware and othe rimportant security softwares. The error has not resurfaced again :)
Thanks |
|
|
|
| Thread Tools | |
|
|
