
Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
26 Posts
Discussion Starter #1
Hi, I need help getting rid of spyware that was downloaded onto my computer. I keep getting pop-ups. I tried to system restore, but it won't let me. Please help, I don't know what to do!
 

·
Registered
Joined
·
26 Posts
Discussion Starter #2
HJT Log File

Here is my HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:10:55 PM, on 11/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XPUser\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marvelcollection.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.lib.berkeley.edu:7777/proxy.pac
R3 - URLSearchHook: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hp7D2C.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O9 - Extra 'Tools' menuitem: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127898854696
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

·
Registered
Joined
·
91 Posts
Download Spybot Search and Destroy and Ad-Aware SE, update and run both; it doesn't matter which one first. They should take care of most problems.
 

·
Registered
Joined
·
26 Posts
Discussion Starter #5
I tried using an updated version of both Spybot and Ad-Aware, but neither of them worked. Also, I have this blinking icon on the bottom right-hand side of my screen (where the clock and other icons are) saying: "Security Alert: system encountered spyware that collects your personal information without your consent. This information includes passwords, credit card details and other private data. Click the icon to learn more ways to protect your file." I clicked it a couple of times (being the idiot that I am), but I realize now that it's some sort of spyware. Thanks a lot for your help. I appreciate it.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Hi and Welcome to TSF

WARNING!!

DO NOT use this PC for any internet banking as it's been hijacked and they will steal your credit card numbers and any passwords you use to access sites.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Download Hoster http://www.greyknight17.com/spy/Hoster.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right-clicking on My Computer and going to Properties->System Restore; check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following IF listed.

MARVELToolbar
WildTangent
Viewpoint


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one IF they are still listed (they shouldn't be but make sure)

C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R3 - URLSearchHook: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hp7D2C.tmp
O3 - Toolbar: MARVEL01 Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll (file missing)
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, subdirectories, etc. enabled if it applies to your OS)

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hp7D2C.tmp
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\MARVEL01 Toolbar\MARVEL01.dll


Run the Hoster program and select "Restore Original Hosts File"

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal mode



Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Please post that log in your next reply along with the Ewido log and a new hijackthis log.
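
Added example, not part of the original thread and not code from HijackThis or Hoster: a short Python check for the kind of hosts-file hijack the banking warning above refers to. HijackThis reports non-default hosts-file lines as `O1 - Hosts:` entries; the script flags address blocks that several hostnames have been pointed at and lists entries marked `(file missing)`. The sample log, the /24 grouping and the three-hostname threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format (not taken from the thread).
# Addresses come from documentation ranges; hostnames use the .example TLD.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R3 - URLSearchHook: Demo Toolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Demo Toolbar\demo.dll (file missing)
O1 - Hosts: 127.0.0.1 ads.tracker.example
O1 - Hosts: 203.0.113.10 online.bank-a.example
O1 - Hosts: 203.0.113.11 www.bank-b.example
O1 - Hosts: 203.0.113.11 bank-b.example
O1 - Hosts: 203.0.113.12 signin.shop.example
O1 - Hosts: 198.51.100.7 intranet.corp.example
O4 - HKLM\..\Run: [Demo] C:\Program Files\Demo\demo.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hosts_entries(log):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address field, skip rather than guess
        entries.append((ip, match.group(2).lower()))
    return entries


def find_redirect_clusters(log, min_hosts=3):
    """Group redirected hostnames by network and keep the crowded ones.

    Loopback and 0.0.0.0 entries are ordinary blocklist lines and are
    ignored. A network that min_hosts or more names resolve into is
    reported; smaller groups still deserve a manual look.
    """
    groups = defaultdict(set)
    for ip, host in parse_hosts_entries(log):
        if ip.is_loopback or ip.is_unspecified:
            continue
        prefix = 24 if ip.version == 4 else 64  # assumed grouping width
        network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(network)].add(host)
    return {net: sorted(hosts) for net, hosts in sorted(groups.items())
            if len(hosts) >= min_hosts}


def missing_file_entries(log):
    """Return (section, text) for entries whose target file no longer exists."""
    found = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match and match.group(2).endswith("(file missing)"):
            found.append((match.group(1), match.group(2)))
    return found


if __name__ == "__main__":
    for net, hosts in find_redirect_clusters(SAMPLE_LOG).items():
        print(f"{net}: {len(hosts)} hostnames redirected -> {', '.join(hosts)}")
    for section, text in missing_file_entries(SAMPLE_LOG):
        print(f"orphaned {section} entry: {text}")
```

Any hostname the script reports should be treated as untrusted on that machine until the hosts file has been restored and a fresh log shows no `O1` redirects.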
 