HJT check up

maorifulla · 02-20-2006, 09:30 PM

just a HJT check up to see if everythings alright.

Logfile of HijackThis v1.99.1
Scan saved at 6:28:32 p.m., on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

tetonbob · 02-21-2006, 07:37 AM

Looks pretty good to me...just a few ActiveX controls that look corrupted or partially uninstalled:

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -

Any issues, or just as you say, a checkup?

Have you run an online scan recently? It's good to get an occasional 'second opinion' for your AV/spyware protection.

If you have, and it was clean, we have no worries here. If you have not run one recently, run a new Panda online scan and post the results, if there are any.

maorifulla · 02-21-2006, 08:40 PM

hi, its just a checkup. i deleted the entry
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
but the other entries i cant delete. we tried before
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -
microbell wrote
"After some researching I'm going to leave those entrys be as they are blank...but are legit CLSID's.
They are for....
Kaspersky
Windows Update
Java plug in"
i will run an online scan soon.

maorifulla · 02-22-2006, 09:53 PM

panda report

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@go[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@seeq[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@statcounter[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@webpower[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@www48.seeq[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@go[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@seeq[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@statcounter[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@webpower[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@www48.seeq[1].txt
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Gaz\My Documents\exe's\EvID4226Patch.exe
Virus:W32/Alcan.A.worm Disinfected G:\My Downloads (LimeWire)\Panda Titanium Antivirus.zip[Setup.exe]

tetonbob · 02-23-2006, 06:40 AM

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-SpyAD - Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 - Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 - Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

02-20-2006, 09:30 PM	#1 (permalink)
maorifulla Registered User Join Date: Nov 2004 Posts: 199 OS: XP pro	HJT check up just a HJT check up to see if everythings alright. Logfile of HijackThis v1.99.1 Scan saved at 6:28:32 p.m., on 21/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - O17 - HKLM\System\CCS\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2 O17 - HKLM\System\CS3\Services\Tcpip\..\{18AEB246-4E00-44B1-B8CE-45CF9A133FE9}: NameServer = 192.168.1.2 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

02-21-2006, 07:37 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 32,560 OS: 2000 Pro; XP Pro; XP Home	Looks pretty good to me...just a few ActiveX controls that look corrupted or partially uninstalled: Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Any issues, or just as you say, a checkup? Have you run an online scan recently? It's good to get an occasional 'second opinion' for your AV/spyware protection. If you have, and it was clean, we have no worries here. If you have not run one recently, run a new Panda online scan and post the results, if there are any. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

02-23-2006, 06:40 AM	#5 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 32,560 OS: 2000 Pro; XP Pro; XP Home	Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

02-21-2006, 08:40 PM	#3 (permalink)
maorifulla Registered User Join Date: Nov 2004 Posts: 199 OS: XP pro	hi, its just a checkup. i deleted the entry O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - but the other entries i cant delete. we tried before O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - microbell wrote "After some researching I'm going to leave those entrys be as they are blank...but are legit CLSID's. They are for.... Kaspersky Windows Update Java plug in" i will run an online scan soon.

02-22-2006, 09:53 PM	#4 (permalink)
maorifulla Registered User Join Date: Nov 2004 Posts: 199 OS: XP pro	panda report Incident Status Location Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@ad.yieldmanager[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@belnk[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@dist.belnk[2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@go[1].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@seeq[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@statcounter[1].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@webpower[2].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@www48.seeq[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[.casalemedia.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gaz\Application Data\Mozilla\Profiles\default\xfdqweb8.slt\cookies.txt[] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@ad.yieldmanager[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@belnk[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@dist.belnk[2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@go[1].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@seeq[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@statcounter[1].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@webpower[2].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Gaz\Cookies\gaz@www48.seeq[1].txt Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\Gaz\My Documents\exe's\EvID4226Patch.exe Virus:W32/Alcan.A.worm Disinfected G:\My Downloads (LimeWire)\Panda Titanium Antivirus.zip[Setup.exe]