Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Perculator » June 11th, 2005, 12:57 pm

Ok, a lot of the infections shown were located in the restore folder, these are easily to remove, I need to kno if you made a clean restorepoint as I described or not.

Then I want you to download the panda antivirus trial from here

Turn off any other antivirusprogram
Then run the panda antivirus, it will now delete everything it finds.

Then restart your computer again

Make a clean restorepoint as I described.

After you restarted again

You run counterspy again.

Post the counterspy log together with a new hijack this log.

And again, don't be affraid we're getting closer and closer to nail the ********:-)
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands
Advertisement
Register to Remove

Unread postby theglobal » June 11th, 2005, 5:28 pm

Ok, here we go...

Panda Scan Log:

Panda Platinum 2005 Internet Security incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan complete On-demand antivirus scan 06/11/05 13:46:21 Scan: My Computer
Hacking tool detected: Application/K... On-demand antivirus scan 06/11/05 13:41:24 Disinfected Path: C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1\A0001003.exe
Hacking tool detected: Application/K... On-demand antivirus scan 06/11/05 13:41:23 Disinfected Path: C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1\A0001002.exe
Adware detected: Adware/Startpage.CM On-demand antivirus scan 06/11/05 13:40:11 Disinfected Path: C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E2781BAF-56BE-4395-BCBF-FA4023\79371421-512F-4DCA-AB06-22250B
Connection attempt Firewall protection 06/11/05 13:24:28 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:24:03 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:24:03 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:56 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:56 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:45 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:33 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:27 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 13:22:21 Blocked Source IP address: 192.168.0.1
Hacking tool detected: Application/K... On-demand antivirus scan 06/11/05 13:15:02 Disinfected Path: C:\hp\bin\Terminator.exe
Hacking tool detected: Application/K... On-demand antivirus scan 06/11/05 13:14:58 Disinfected Path: C:\hp\bin\KillIt.exe
Spyware detected: Cookie/Yadro On-demand antivirus scan 06/11/05 13:12:37 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@yadro[2].txt
Spyware detected: Cookie/BurstBeacon On-demand antivirus scan 06/11/05 13:12:37 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@www.burstbeacon[2].txt
Spyware detected: Cookie/Twain-Tech On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@servlet[2].txt
Spyware detected: Cookie/OfferOptimizer On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@offeroptimizer[2].txt
Spyware detected: Cookie/Twain-Tech On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@master.mx-targeting[1].txt
Spyware detected: Cookie/Kount On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@kount[2].txt
Spyware detected: Cookie/Belnk On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@dist.belnk[2].txt
Spyware detected: Cookie/Twain-Tech On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@cliks[1].txt
Spyware detected: Cookie/Cassava On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
Spyware detected: Cookie/Enhance On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt
Spyware detected: Cookie/Belnk On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
Spyware detected: Cookie/YieldManager On-demand antivirus scan 06/11/05 13:12:36 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt
Spyware detected: Cookie/Abetterinternet On-demand antivirus scan 06/11/05 13:12:35 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@abetterinternet[1].txt
Spyware detected: Cookie/888 On-demand antivirus scan 06/11/05 13:12:35 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@888[3].txt
Spyware detected: Cookie/888 On-demand antivirus scan 06/11/05 13:12:35 Disinfected Path: C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware detected: Cookie/Rn11 On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@rn11[2].txt
Spyware detected: Cookie/Belnk On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware detected: Cookie/DelfinMedia On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@delfinproject[1].txt
Spyware detected: Cookie/Enhance On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt
Spyware detected: Cookie/nCase On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt
Spyware detected: Cookie/Azjmp On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
Spyware detected: Cookie/YieldManager On-demand antivirus scan 06/11/05 13:11:26 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware detected: Cookie/64.62.232 On-demand antivirus scan 06/11/05 13:11:25 Disinfected Path: C:\Documents and Settings\Owner\Cookies\owner@64.62.232[2].txt
Connection attempt Firewall protection 06/11/05 12:57:27 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:55:54 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:55:54 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:55:48 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:55:47 Blocked Source IP address: 192.168.0.1
Adware detected: Adware/IGetNet On-demand antivirus scan 06/11/05 12:54:23 Disinfected Path: Windows registry
Adware detected: Adware/BookedSpace On-demand antivirus scan 06/11/05 12:54:16 Disinfected Path: Windows registry
Spyware detected: Spyware/ShopNav On-demand antivirus scan 06/11/05 12:54:09 Disinfected Path: Windows registry
Spyware detected: Spyware/Searchcentrix On-demand antivirus scan 06/11/05 12:54:02 Disinfected Path: Windows registry
Adware detected: Adware/FunWeb On-demand antivirus scan 06/11/05 12:53:51 Disinfected Path: Windows registry
Adware detected: Adware/StatBlaster On-demand antivirus scan 06/11/05 12:53:43 Disinfected Path: Windows registry
Dialer detected: Dialer.DK On-demand antivirus scan 06/11/05 12:53:36 Disinfected Path: Windows registry
Adware detected: Adware/Xupiter On-demand antivirus scan 06/11/05 12:53:31 Disinfected Path: Windows registry
Adware detected: Adware/CWS On-demand antivirus scan 06/11/05 12:53:23 Disinfected Path: Windows registry
Adware detected: Adware/SafeSearch On-demand antivirus scan 06/11/05 12:53:08 Disinfected Path: Windows registry
Adware detected: Adware/PowerScan On-demand antivirus scan 06/11/05 12:53:02 Disinfected Path: Windows registry
Adware detected: Adware/PortalScan On-demand antivirus scan 06/11/05 12:52:57 Disinfected Path: C:\WINDOWS\bundles
Spyware detected: Spyware/BetterInet On-demand antivirus scan 06/11/05 12:52:47 Disinfected Path: Windows registry
Adware detected: Adware/BrowserAid On-demand antivirus scan 06/11/05 12:52:39 Disinfected Path: Windows registry
Adware detected: Adware/KeenValue On-demand antivirus scan 06/11/05 12:52:31 Disinfected Path: Windows registry
Adware detected: Adware/TalkStocks On-demand antivirus scan 06/11/05 12:52:21 Disinfected Path: Windows registry
Dialer detected: Dialer.CN On-demand antivirus scan 06/11/05 12:52:16 Disinfected Path: Windows registry
Dialer detected: Dialer.CE On-demand antivirus scan 06/11/05 12:52:11 Disinfected Path: Windows registry
Adware detected: Adware/Lop On-demand antivirus scan 06/11/05 12:52:07 Disinfected Path: Windows registry
Spyware detected: Spyware/ClearSearch On-demand antivirus scan 06/11/05 12:51:59 Disinfected Path: Windows registry
Spyware detected: Spyware/DynaDesk On-demand antivirus scan 06/11/05 12:51:52 Disinfected Path: Windows registry
Spyware detected: Spyware/Dyfuca On-demand antivirus scan 06/11/05 12:51:47 Disinfected Path: Windows registry
Adware detected: Adware/DownloadWare On-demand antivirus scan 06/11/05 12:51:41 Disinfected Path: Windows registry
Adware detected: Adware/ScBar On-demand antivirus scan 06/11/05 12:51:35 Disinfected Path: Windows registry
Adware detected: Adware/MyWay On-demand antivirus scan 06/11/05 12:51:30 Disinfected Path: Windows registry
Adware detected: Adware/Gator On-demand antivirus scan 06/11/05 12:51:22 Disinfected Path: Windows registry
Adware detected: Adware/SaveNow On-demand antivirus scan 06/11/05 12:51:13 Disinfected Path: Windows registry
Dialer detected: Dialer.B On-demand antivirus scan 06/11/05 12:51:03 Disinfected Path: Windows registry
Scan started On-demand antivirus scan 06/11/05 12:50:46 Scan: My Computer
Connection attempt Firewall protection 06/11/05 12:50:03 Blocked Application: C:\WINDOWS\system32\svchost.exe
Connection attempt Firewall protection 06/11/05 12:49:58 Blocked Application: C:\WINDOWS\system32\svchost.exe
Update Update system 06/11/05 12:46:40 Correct New version: 90201
Update Update system 06/11/05 12:46:38 Correct New virus signatures: 2866
Connection attempt Firewall protection 06/11/05 12:45:37 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:45:30 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:45:24 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:45:18 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:45:11 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:45:05 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:56 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:50 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:43 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:36 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:29 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:21 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:44:15 Blocked Source IP address: 192.168.0.1
Update Update system 06/11/05 12:43:58 Incorrect Error: Error in the download process
Connection attempt Firewall protection 06/11/05 12:43:56 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:43:51 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:43:44 Blocked Source IP address: 192.168.0.1
Connection attempt Firewall protection 06/11/05 12:43:37 Blocked Source IP address: 192.168.0.1
---------------------------------

CounterSpy Scan:

Spyware Scan Details
Start Date: 6/11/2005 2:23:10 PM
End Date: 6/11/2005 2:26:00 PM
Total Time: 2 mins 50 secs

Detected spyware
No spyware were found during this scan.
Detected Spyware Cookies
RegNow

-------------------------------------------

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:22:54 PM, on 6/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7392481625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b28578.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

----------------------------------

Let me know what's next :)
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Unread postby Perculator » June 12th, 2005, 3:41 pm

Ok first the basic final post


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  2. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  3. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  5. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  6. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Follow this list and your potential for being infected again will reduce dramatically.

You also can read this article
http://www.wilderssecurity.com/showthread.php?t=27971



*********************************************************************
Ok now for your brother in law

He has to use a firewall I would recommend sygate personal free firewall
http://smb.sygate.com/download_buy.htm
(choose the sygate personal firewall(yellow )and not the pro (orange) cause you will only be able to use the pro for a certain time, and then have to buy it.)
***
He has to use an antivirus
If he wants a free firewall, he can use avast.
http://www.avast.com/eng/down_home.html
***
He has to use adaware SE personal
http://www.download.com/Ad-Aware-SE-Per ... l&tag=top5

***
Also Spybot S&D is a very good tool
http://www.majorgeeks.com/download2471.html

***
And of course spywareblaster
http://www.javacoolsoftware.com/spywareblaster.html

***
and a good browser like firefox
http://www.mozilla.org/
or he can use the mozilla suite
http://www.mozilla.org/products/mozilla1.x/

I don’t need to say it was a pleasure working with you and I hope I will see you more often here, but then as a student.

Glad I was able to help.

if you like to have a nice atavar or signature check the link under my signature

See you around
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Unread postby theglobal » June 12th, 2005, 5:52 pm

There are not enough words to express my appreciation for all of the hard work and effort you and your Malware Removal associates put into helping me clean up a very nasty computer. I know I have new friends I can count on when I am in a MalWare bind!

Best wishes for continued success!

theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Unread postby Perculator » June 13th, 2005, 1:18 am

We were happy to help
good luck!
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Unread postby Nick-YF19 » June 16th, 2005, 1:15 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 16 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware