Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)

#1, 08-19-2005, 11:56 AM
Registered User, OS: win xp home 2002 version Service pack 2

Need Help - Getting too many pop-ups and lock downs. HJT included

Hi there,

My PC is crawling and IE is not responding well, due to many malware attacks I believe. I have run CWShredder, Clean-Up, Spy Sweeper and Ad-Aware SE Pro but still can't get rid of the viruses.

Would you please take a look at my log file? Thank you in advance!!

Running Win XP Home SP2, 17.Ghz and 512 MB of RAM

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 2:53:31 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\Program files\Agent\PQV2iSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\PROGRA~1\ETRUST~1\VetTray.exe
C:\WINDOWS\CY_BG.EXE
D:\Program files\Anapod Explorer\anamgr.exe
D:\Program files\bin\iPodService.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Federico Vega\Desktop\Hijack this\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - Startup: Anapod Manager.lnk = D:\Program files\Anapod Explorer\anamgr.exe
O4 - Startup: AntiCrash.lnk = D:\Program files\AntiCrash.exe
O4 - Global Startup: EZ Firewall.lnk = D:\Program files\eTrust EZ Firewall\ca.exe
O12 - Plugin for .cif: C:\PROGRA~1\Internet Explorer\Plugins\npCVista.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097612563828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/ItalianToEnglish.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - Winlogon Notify: utilcat - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program files\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe


End of KRC HijackThis Analyzer Log.
====================================================================


thank you!
fdeaubonne is offline  
#2, 08-19-2005, 02:49 PM
sUBs, Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in C:\WINDOWS\CY_BG.EXE
  2. Click the Open button.
  3. Click NO when prompted to restart your computer.

Please download VundoFix.zip to your desktop.
  • Double-click VundoFix.zip and extract it to your C:\ directory.
  • Copy the instructions below and paste them into Notepad for reference.
    • All other windows need to be closed while doing this fix!
  • Navigate to the new folder C:\VundoFix
  • Double click on KillVundo.bat
    • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
  • Please press any key to continue.
  • Wait for HiJackThis to automatically open.
  • When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    • O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
    • O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
    • O15 - Trusted Zone: *.coolwebsearch.com
    • O15 - Trusted Zone: *.musicmatch.com
    • O15 - Trusted Zone: *.musicmatch.com (HKLM)
    • O15 - Trusted IP range: 206.161.125.149 (HKLM)
    • O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    • O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/ins...ll/pinstall.cab
    • O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
    • O20 - Winlogon Notify: utilcat - C:\WINDOWS\Windows Update Setup Files\utilcat.dll

  • Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.
You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix
sUBs is offline  
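The reply above picks out a handful of entry types from the HijackThis log: a BHO and a Winlogon Notify DLL loaded from an unusual folder, a Run entry in the Windows root, and O15 Trusted Zone / ProtocolDefaults changes. As an added example that is not part of this thread and not sUBs's or HijackThis's own code, the Python script below applies those same triage rules to HijackThis-style log lines so a reviewer can spot such entries before reading the whole log by hand. The sample log is constructed from lines in the first post; the list of "expected" directories and the known-bad domain list are assumptions for the demo and would be tuned per machine.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Directories where legitimately installed components are expected to live.
# Assumption for the demo: tune this to the machine being reviewed.
EXPECTED_DIRS = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "d:\\program files\\",
    "d:\\progra~1\\",
    "c:\\windows\\system32\\",
)
SYSTEM32 = "c:\\windows\\system32\\"

# Domains that should never sit in IE's Trusted Zone. coolwebsearch.com is the one
# flagged in the thread; extending the list is an assumption left to the reviewer.
BAD_TRUSTED_DOMAINS = ("coolwebsearch.com",)

# "O15 - Trusted Zone: *.coolwebsearch.com" -> section "O15", body "Trusted Zone: ..."
LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
# First drive-letter path ending in .exe/.dll; stops at a closing quote if present.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(text: str) -> Optional[str]:
    """Return the first drive-letter .exe/.dll path in an entry, or None."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def outside_expected_dirs(path: str) -> bool:
    p = path.lower()
    return not any(p.startswith(d) for d in EXPECTED_DIRS)


def triage(log_text: str) -> List[Finding]:
    """Apply the triage rules to every R/O line in the log and return the hits."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, "Running processes" paths, blanks
        section, body = m.group("section"), m.group("body")
        if section == "O15":
            if body.startswith("ProtocolDefaults"):
                findings.append(Finding(section, "protocol zone default altered", line))
            elif any(d in body.lower() for d in BAD_TRUSTED_DOMAINS):
                findings.append(Finding(section, "known-bad domain in Trusted Zone", line))
            elif body.startswith("Trusted IP range"):
                findings.append(Finding(section, "raw IP range in Trusted Zone", line))
        elif section == "O20":
            # Winlogon Notify DLLs load at every logon; legitimate ones live in System32.
            path = extract_path(body)
            if path is None or not path.lower().startswith(SYSTEM32):
                findings.append(Finding(section, "Winlogon Notify DLL outside System32", line))
        elif section in ("O2", "O4"):
            path = extract_path(body)
            if path and outside_expected_dirs(path):
                findings.append(Finding(section, "binary outside expected directories", line))
    return findings


# Constructed sample: a subset of the lines posted in the first HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O20 - Winlogon Notify: utilcat - C:\WINDOWS\Windows Update Setup Files\utilcat.dll
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
"""

if __name__ == "__main__":
    # Usage: python hjt_triage.py [hijackthis.log]; falls back to the constructed sample.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the sample the script reports six entries, the same ones the reply asks the poster to fix, and stays quiet on the SpywareGuard BHO, the Diskeeper Run entry and the musicmatch.com Trusted Zone line. The rules are deliberately narrow: a hit means "look at this", not "this is malware", and an entry the rules miss (such as the O16 DPF controls in the reply) still needs a human reviewer.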
#3, 08-19-2005, 04:30 PM
Registered User, OS: win xp home 2002 version Service pack 2

It looks like I am running better already, thanks! Here are my logs, please let me know if everything looks normal.

Logfile of HijackThis v1.99.1
Scan saved at 7:25:09 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program files\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ETRUST~1\VetTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program files\bin\iPodService.exe
D:\Program files\eTrust EZ Firewall\ca.exe
D:\Program files\Anapod Explorer\anamgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Federico Vega\Desktop\Hijack this\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Anapod Manager.lnk = D:\Program files\Anapod Explorer\anamgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: AntiCrash.lnk = D:\Program files\AntiCrash.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EZ Firewall.lnk = D:\Program files\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cif: C:\PROGRA~1\Internet Explorer\Plugins\npCVista.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097612563828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/ItalianToEnglish.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program files\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe

====================================================

Here is the Vundofix log:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 708 'smss.exe'
Threads [712][716][720]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2776 'explorer.exe'
Killing PID 2140 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 864 'winlogon.exe'
Sucessfully Deleted


Any tips to prevent this malware, or tweaks to the spyware programs I have? Thanks again, master!
fdeaubonne is offline  
#4, 08-19-2005, 06:28 PM
Registered User, OS: win xp home 2002 version Service pack 2

I spoke too fast... although I haven't seen any weird sites popping up, I am not seeing the full content of web pages, as in the Yahoo start page and images... any advice?
fdeaubonne is offline  
#5, 08-19-2005, 09:13 PM
sUBs, Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Now that we got the main infection out of the way, let's flush out any hidden malware by using some scanners.

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click [Scan your PC] & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click [Scan Now]
  3. Enter your e-mail address & click [Scan Now] ... this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • AntiSpyware.log
Please update us on how the computer behaves now
sUBs is offline

#6, 08-20-2005, 10:23 AM
Registered User, OS: win xp home 2002 version Service pack 2

Wow, you are right, a lot of junk remained there. I can't tell you how the computer behaves yet since I have just completed the scans. I could not get you the Antispyware log from Trend Micro because it did not report any infections on the second pass (it had 25 infections in the first one). In lieu, I am giving you a fresh log from Spy Sweeper run with updated definitions. Hope it will help.


1. Activescan log from Panda


Incident Status Location

Adware:adware/popmonster No disinfected C:\DOCUMENTS AND SETTINGS\FEDERICO VEGA\FAVORITES\SHOPPING\Ebay.url
Adware:adware/funweb No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\farmmext.inf
Adware:adware/effectivebrandtoolbarNo disinfected C:\WINDOWS\games.exe
Adware:adware/gator No disinfected C:\WINDOWS\GatorHDPlugin.log
Adware:adware/ncase No disinfected C:\PROGRAM FILES\FlashTalk
Spyware:spyware/dyfuca No disinfected Windows Registry
Dialer:dialer.qi No disinfected HKEY_CLASSES_ROOT\TypeLib\{9A9C9133-E640-4CA7-81C1-123FAC78855F}
Adware:Adware/Adultlt No disinfected C:\WINDOWS\system32\zivixiq.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msiaih.dll
Virus:Trj/Imk.A Disinfected C:\WINDOWS\system32\msnimk.gif
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Adware:Adware/Ucmore No disinfected C:\WINDOWS\games.exe[IUCMORE.DLL]
Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\pinstall.dll
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Dialer:Dialer.Gen No disinfected C:\WINDOWS\tlk0262[1].exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Windows Update Setup Files\utilcat.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\blocklist.reg
Security Risk:Application/ProcessorNo disinfected C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\process.exe
Possible Virus. No disinfected C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\backups\backup-20050819-191706-208.dll
Hacktool:Hacktool/MailPassView.BNo disinfected C:\Documents and Settings\Federico Vega\Desktop\mailpv_setup.exe[mailpv.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[BB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[BeyondInterface.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[Installer.class]
Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\riched20.dll
Possible Virus. No disinfected C:\Program Files\Betty's Beer Bar\bbb.exe
Hacktool:Hacktool/MailPassView.BNo disinfected C:\Program Files\Mail PassView\mailpv.exe
Virus:Trj/Downloader.CCX Disinfected C:\1.exe
===============================================

2. Spy Sweeper session log, run 10 mins ago (cleaned infections)

********
12:51 PM: |··· Start of Session, Saturday, August 20, 2005 ···|
12:51 PM: Spy Sweeper started
12:51 PM: Sweep initiated using definitions version 519
12:51 PM: Starting Memory Sweep
12:54 PM: Memory Sweep Complete, Elapsed Time: 00:03:34
12:54 PM: Starting Registry Sweep
12:54 PM: Found Adware: internetoptimizer
12:54 PM: HKU\S-1-5-21-2690133624-1161744426-439199626-1005\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
12:55 PM: Registry Sweep Complete, Elapsed Time:00:00:18
12:55 PM: Starting Cookie Sweep
12:55 PM: Found Spy Cookie: adlegend cookie
12:55 PM: federico vega@adlegend[1].txt (ID = 2074)
12:55 PM: Found Spy Cookie: adprofile cookie
12:55 PM: federico vega@adprofile[1].txt (ID = 2084)
12:55 PM: Found Spy Cookie: com.com cookie
12:55 PM: federico vega@ffxcam.fairfax.com[1].txt (ID = 2446)
12:55 PM: federico vega@ffxcam.smh.com[1].txt (ID = 2446)
12:55 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:55 PM: Starting File Sweep
12:55 PM: Found Adware: gain-supported software
12:55 PM: gatorhdplugin.log (ID = 119819)
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
12:56 PM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_6ac.dat". The process cannot access the file because it is being used by another process
12:57 PM: Found Adware: effective-i toolbar
12:57 PM: games.exe (ID = 112529)
12:58 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{f19a8472-2db0-4c17-ae6a-ce7e907d02f6}.bin". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:04 PM: Warning: Failed to access drive F:
1:04 PM: Warning: Failed to access drive F:
1:04 PM: Warning: Failed to access drive H:
1:04 PM: Warning: Failed to access drive H:
1:04 PM: File Sweep Complete, Elapsed Time: 00:09:13
1:04 PM: Full Sweep has completed. Elapsed time 00:13:08
1:04 PM: Traces Found: 7
1:09 PM: Removal process initiated
1:09 PM: Quarantining All Traces: internetoptimizer
1:09 PM: Quarantining All Traces: adlegend cookie
1:09 PM: Quarantining All Traces: adprofile cookie
1:09 PM: Quarantining All Traces: com.com cookie
1:09 PM: Quarantining All Traces: gain-supported software
1:09 PM: Quarantining All Traces: effective-i toolbar
1:09 PM: Removal process completed. Elapsed time 00:00:10
********
1:46 PM: |··· Start of Session, Friday, August 19, 2005 ···|
1:46 PM: Spy Sweeper started
1:46 PM: Sweep initiated using definitions version 492
1:46 PM: Starting Memory Sweep
1:49 PM: Memory Sweep Complete, Elapsed Time: 00:03:48
1:49 PM: Starting Registry Sweep
1:49 PM: Found Adware: cws bestsearch.cc hijacker
1:49 PM: HKU\S-1-5-21-2690133624-1161744426-439199626-1005\software\microsoft\windows\currentversion\internet settings\zonemap\domains\dapsol.com\ (1 subtraces) (ID = 662702)
1:50 PM: Registry Sweep Complete, Elapsed Time:00:00:17
1:50 PM: Starting Cookie Sweep
1:50 PM: Found Cookie: moviemonster cookie
1:50 PM: federico vega@moviemonster[2].txt (ID = 26684)
1:50 PM: Found Cookie: ic-live cookie
1:50 PM: federico vega@ic-live[1].txt (ID = 26505)
1:50 PM: Found Cookie: 64.62.232 cookie
1:50 PM: federico vega@64.62.232[1].txt (ID = 25676)
1:50 PM: Found Cookie: tripod cookie
1:50 PM: federico vega@tripod[1].txt (ID = 27263)
1:50 PM: Found Cookie: about cookie
1:50 PM: federico vega@about[2].txt (ID = 25726)
1:50 PM: Found Cookie: go.com cookie
1:50 PM: federico vega@abcnews.go[1].txt (ID = 26413)
1:50 PM: federico vega@rsi.abcnews.go[1].txt (ID = 26413)
1:50 PM: federico vega@sports.espn.go[2].txt (ID = 26413)
1:50 PM: federico vega@go[2].txt (ID = 26412)
1:50 PM: federico vega@boardgames.about[2].txt (ID = 25727)
1:50 PM: federico vega@64.62.232[3].txt (ID = 25676)
1:50 PM: federico vega@64.62.232[2].txt (ID = 25676)
1:50 PM: federico vega@rsi.espn.go[1].txt (ID = 26413)
1:50 PM: federico vega@soccernet.espn.go[2].txt (ID = 26413)
1:50 PM: federico vega@espn.go[2].txt (ID = 26413)
1:50 PM: Found Cookie: belnk cookie
1:50 PM: federico vega@dist.belnk[1].txt (ID = 25976)
1:50 PM: federico vega@belnk[2].txt (ID = 25975)
1:50 PM: federico vega@ath.belnk[1].txt (ID = 25976)
1:50 PM: Found Cookie: yieldmanager cookie
1:50 PM: federico vega@ad.yieldmanager[1].txt (ID = 27415)
1:50 PM: Found Cookie: did-it cookie
1:50 PM: federico vega@did-it[2].txt (ID = 26204)
1:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
1:50 PM: Starting File Sweep
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
1:51 PM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_6b4.dat". The process cannot access the file because it is being used by another process
1:53 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{2f1d6611-1bc7-4c5d-88a1-a141bf4224e3}.bin". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\zlt0164c.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\jet42b6.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\acre.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
2:07 PM: Warning: Failed to access drive F:
2:07 PM: Warning: Failed to access drive F:
2:07 PM: File Sweep Complete, Elapsed Time: 00:16:45
2:07 PM: Full Sweep has completed. Elapsed time 00:20:53
2:07 PM: Traces Found: 22
2:08 PM: Removal process initiated
2:08 PM: Quarantining All Traces: cws bestsearch.cc hijacker
2:08 PM: Quarantining All Traces: moviemonster cookie
2:08 PM: Quarantining All Traces: ic-live cookie
2:09 PM: Quarantining All Traces: 64.62.232 cookie
2:09 PM: Quarantining All Traces: tripod cookie
2:09 PM: Quarantining All Traces: about cookie
2:09 PM: Quarantining All Traces: go.com cookie
2:09 PM: Quarantining All Traces: belnk cookie
2:09 PM: Quarantining All Traces: yieldmanager cookie
2:09 PM: Quarantining All Traces: did-it cookie
2:09 PM: Removal process completed. Elapsed time 00:00:21
2:18 PM: Processing Startup Alerts
2:18 PM: Removed Startup entry: WinampAgent
2:18 PM: Processing Startup Alerts
2:18 PM: Removed Startup entry: CleanUp!
12:50 PM: Updating spyware definitions
12:50 PM: Your spyware definitions have been updated.
12:51 PM: |··· End of Session, Saturday, August 20, 2005 ···|
********
1:43 PM: |··· Start of Session, Friday, August 19, 2005 ···|
1:43 PM: Spy Sweeper started
1:44 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:44 PM: Updating spyware definitions
1:44 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:46 PM: |··· End of Session, Friday, August 19, 2005 ···|

===============================================

3. HijackThis log, new 5 mins ago

Logfile of HijackThis v1.99.1
Scan saved at 1:21:43 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program files\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ETRUST~1\VetTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program files\bin\iPodService.exe
D:\Program files\Anapod Explorer\anamgr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Federico Vega\Desktop\Hijack this\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Anapod Manager.lnk = D:\Program files\Anapod Explorer\anamgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: AntiCrash.lnk = D:\Program files\AntiCrash.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EZ Firewall.lnk = D:\Program files\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cif: C:\PROGRA~1\Internet Explorer\Plugins\npCVista.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097612563828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/ItalianToEnglish.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program files\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
fdeaubonne is offline  
Old 08-20-2005, 10:49 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Please download KillBox v2.0.0.175.zip



Have HijackThis fix this entry:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =



Launch KillBox.exe & select the following options:
  • delete on Reboot
  • end Explorer shell while killing file
  • unregister dll before deleting (if it's not grayed out)
Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy
  • C:\DOCUMENTS AND SETTINGS\FEDERICO VEGA\FAVORITES\SHOPPING\Ebay.url
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
    C:\WINDOWS\INF\banner.inf
    C:\WINDOWS\INF\farmmext.inf
    C:\WINDOWS\games.exe
    C:\WINDOWS\GatorHDPlugin.log
    C:\PROGRAM FILES\FlashTalk
    C:\WINDOWS\system32\zivixiq.dll
    C:\WINDOWS\system32\msiaih.dll
    C:\WINDOWS\system32\msfdje.gif
    C:\WINDOWS\games.exe
    C:\WINDOWS\Downloaded Program Files\pinstall.dll
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
    C:\WINDOWS\tlk0262[1].exe
    C:\WINDOWS\Windows Update Setup Files\utilcat.dll
    C:\WINDOWS\blocklist.reg
    C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\backups\backup-20050819-191706-208.dll
    C:\Documents and Settings\Federico Vega\Desktop\mailpv_setup.exe
    C:\Program Files\MSN Messenger\riched20.dll
    C:\Program Files\Mail PassView\mailpv.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

Quote:
If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Upon reboot, run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.


Post a fresh HJT log after this.
sUBs is offline  
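The helper's reply above picks one entry out of a long HijackThis log (the empty HKLM start page) and leaves the rest alone. The script below is an added example, not part of this thread or of HijackThis itself: it parses lines in the v1.99.1 format into records and runs a few defender-side checks a helper applies by eye, namely empty R0 values, O16 ActiveX downloads with their CLSID and source URL, and O4 startup commands that live outside the usual program directories. The sample log is a constructed subset modelled on the log posted above, and the list of expected directories is an assumption tuned for this machine's XP layout (D:\Program files is left out on purpose so those entries get a human look).

```python
"""Parse HijackThis-style log lines and run simple triage checks.
Added example for this thread; not HijackThis's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the log posted in this thread (a subset of it).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: where startup commands normally live on this XP box. D:\Program files
# is deliberately absent so entries there are surfaced for review, not flagged as bad.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Entry:
    kind: str              # HJT section code, e.g. "O4", "O16"
    body: str              # everything after "Oxx - "
    clsid: Optional[str]   # first {GUID} in the line, if any
    target: Optional[str]  # file path, command, URL or registry value the entry points at


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    target: Optional[str] = None
    if kind.startswith("R"):
        # R0/R1 lines are "key,value = data"; an empty data part is worth a look
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        target = value or None
    elif kind == "O4" and "] " in body:
        target = body.split("] ", 1)[1].strip()      # command after [name]
    elif " - " in body:
        target = body.rsplit(" - ", 1)[1].strip()    # last field is the path or URL
    return Entry(kind, body, clsid, target)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    for e in entries:
        if e.kind == "R0" and e.target is None:
            findings.append(f"R0 empty start page value: {e.body}")
        elif e.kind == "O4":
            cmd = (e.target or "").lstrip('"').lower()
            if not cmd.startswith(EXPECTED_DIRS):
                findings.append(f"O4 startup outside expected dirs: {e.target}")
        elif e.kind == "O16":
            findings.append(f"O16 ActiveX download {e.clsid} from {e.target}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it prints the empty HKLM start page (the entry the helper asked to fix), the two ActiveX download entries, and the VetTray startup entry on D: for review; everything else is left silent, which is the point of a triage pass.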
Old 08-20-2005, 12:08 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2005
Posts: 24
OS: win xp home 2002 version Service pack 2


Here you go:


Logfile of HijackThis v1.99.1
Scan saved at 3:04:55 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program files\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ETRUST~1\VetTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program files\eTrust EZ Firewall\ca.exe
D:\Program files\Anapod Explorer\anamgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\Program files\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Federico Vega\Desktop\Hijack this\HJT\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Anapod Manager.lnk = D:\Program files\Anapod Explorer\anamgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: AntiCrash.lnk = D:\Program files\AntiCrash.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EZ Firewall.lnk = D:\Program files\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cif: C:\PROGRA~1\Internet Explorer\Plugins\npCVista.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097612563828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/ItalianToEnglish.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program files\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
fdeaubonne is offline  
Old 08-20-2005, 12:24 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


.. jump for joy like this little fella here -> Your system is clean

Now that your system is clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Clear & reset System Restore's cache
    • click Start >> Run - type SYSDM.CPL & press Enter
    • Select the System Restore Tab
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    • Then untick the same checkbox & click OK

  2. Disable the viewing of Hidden files
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Enable - Show hidden files and folders
    • Disable - Hide file extensions for known types
    • Disable - Hide protected operating system files
    Click Yes to confirm & then click OK

  3. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  4. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources

  5. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  6. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  7. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  8. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  9. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  10. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will further enhance your safety
  • IE/Spyad - IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.

  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
sUBs is offline  
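As an added illustration of the HOSTS-file mechanism described in the reply above (this is example code, not part of the post, the forum, or the MVPS project), the script below parses a HOSTS-style blocklist the way the resolver reads it and answers "would this hostname be sinkholed?". The sample file contents are constructed for the example and the hostnames in it are placeholders. It also shows the one limitation a practitioner should know: a HOSTS file matches names exactly, so a blocked `ads.example.net` does nothing for `cdn.ads.example.net` unless that name is listed too.

```python
"""Check a HOSTS-style blocklist the way the resolver does (constructed example)."""
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample in HOSTS layout: "<address> <hostname> [<hostname> ...]",
# '#' starts a comment, tabs and runs of spaces are both accepted.
SAMPLE_HOSTS = """\
# constructed sample, modelled on the layout of the MVPS HOSTS file
127.0.0.1\tlocalhost
127.0.0.1 ads.example.net            # banner server (placeholder name)
127.0.0.1 tracker.example.org telemetry.example.org
0.0.0.0   popups.example.com         # 0.0.0.0 is the other common sinkhole address
::1       localhost
192.0.2.10  intranet.example.local   # a genuine mapping, not a block
"""

# Addresses that mean "send this name nowhere useful" (assumption: loopback or unspecified).
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments, blanks and malformed lines are dropped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comment
        if not line:
            continue
        fields = line.split()                    # any whitespace separates fields
        if len(fields) < 2:
            continue                             # address with no hostname: ignored
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP literal
        for name in fields[1:]:
            entries.append((str(address), name.lower()))
    return entries


def blocked_hosts(text: str) -> List[str]:
    """Hostnames that the file sinkholes (localhost itself is not a block)."""
    return sorted({
        name for address, name in parse_hosts(text)
        if address in SINKHOLE_ADDRESSES and name != "localhost"
    })


def is_blocked(hostname: str, text: str) -> bool:
    """Exact-match lookup, which is all a HOSTS file gives you."""
    target = hostname.lower().rstrip(".")
    return target in set(blocked_hosts(text))


def nearest_blocked_parent(hostname: str, text: str) -> Optional[str]:
    """Return a blocked parent domain of `hostname`, if any.

    A result here together with is_blocked() == False means the subdomain slips
    past the HOSTS file: the file blocks names, not domain trees.
    """
    blocked = set(blocked_hosts(text))
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in blocked:
            return parent
    return None


if __name__ == "__main__":
    for name in ("ads.example.net", "cdn.ads.example.net", "intranet.example.local"):
        print(name, "blocked" if is_blocked(name, SAMPLE_HOSTS) else "allowed",
              "parent:", nearest_blocked_parent(name, SAMPLE_HOSTS))
```

Running it prints the four sinkholed placeholder names as blocked, shows `intranet.example.local` left alone because its address is a real host rather than a sinkhole, and reports `cdn.ads.example.net` as allowed even though its parent is listed, which is why hosts-based lists grow so long and why they complement rather than replace the IE Restricted Sites approach mentioned above.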
Old 08-20-2005, 12:53 PM   #10 (permalink)
Registered User
 
Join Date: Feb 2005
Posts: 24
OS: win xp home 2002 version Service pack 2


Thank you boss, you are the best. Looks like I am running faster already, and thanks for the additional tips!! I am jumping for JOY indeed!!!
fdeaubonne is offline  
Copyright 2001 - 2009, Tech Support Forum