hijackthis log file

Post by sumo » March 4th, 2006, 3:50 pm

Could you please check my hijackthis log file?

Cheers Sumo

Logfile of HijackThis v1.99.1
Scan saved at 19:47:57, on 04/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\DOCUME~1\STUART~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\STUART~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Ã
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

Post by agrarianmonk » March 4th, 2006, 4:45 pm

Hi sumo

Welcome to the Malware Removal forums. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a MR Staff Expert reviews my fix, I will post it for you.
In the meantime, if any problems occur, please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you’re unsure of anything at all please stop and ask!

-Agrarianmonk
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by agrarianmonk » March 4th, 2006, 6:06 pm

Dear Sumo, welcome to MWR.

You have been infected by W32/Rbot-XB, which allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.

Rbot info

I recommend that you disconnect this machine from the internet NOW!

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

******************************

You may want to print out these instructions or copy them to notepad since you will not have internet access during some of our fixes

You are currently using HijackThis from a temporary directory; this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder
1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Download HijackThis to the new folder:

3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

********************************

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

********************************

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


Please remove these entries from Add/Remove Programs in the Control Panel (if present):

My Web Search [You may also want to uninstall any of the following items associated with FunWebProducts.]
My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way

ISTsvc
Errorguard

Please note any other programs that you don't recognize in that list in your next response.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [Ã
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

my hijackthis log file and my active scan

Post by sumo » March 5th, 2006, 9:12 pm

agrarianmonk wrote:
Dear Sumo, welcome to MWR.

Now, please post a Fresh HJT Log and the results of your Panda Active Scan

Hi, I think I have done everything as instructed correctly.

Many thanks, sumo

I do not recognise these in Add/Remove Programs:
learn2player (uninstall only)
j2se runtime environment 5.0 update 6
shockwave
shopathome select cash back

I cannot remove istsvc; it comes up with "the compressed (zipped) folder is invalid or corrupted"

hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 01:03:43, on 06/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

activescan


Incident Status Location

Adware:adware/savenow Not disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM32\ap9h4qmo.ini
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\bqrufs5f.dat
Adware:adware/ncase Not disinfected C:\TEMP\salm.log
Adware:adware/sqwire Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/comet Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@64.62.232[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@888[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@adopt.hbmediapro[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@atdmt[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@belnk[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@c.fsx[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@c3.gostats[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@ccbill[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@dist.belnk[2].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@errorguard[1].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@gammae[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@gangbangsquad[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@go[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@kinghost[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@kount[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@offeroptimizer[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@searchportal.information[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@spywarestormer[1].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@teensforcash[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@toplist[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@webpower[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@www.advnt01[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@www.xzoomy[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@xmts[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[statse.webtrendslive.com/dcsfq3fly11e5h2r7efi2vz7t_2v4u]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.xmts.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.xiti.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.go.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[www48.seeq.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Cookies\amanda vaessen@ask[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Cookies\amanda vaessen@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Cookies\amanda vaessen@go[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Cookies\amanda vaessen@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Cookies\amanda vaessen@xmts[1].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\AMANDA VAESSEN\Local Settings\Temporary Internet Files\Content.IE5\61LQN25C\channels_02[1].gif
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[dcsfq3fly11e5h2r7efi2vz7t_2v4u]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\STUART VAESSEN\Application Data\Mozilla\Firefox\Profiles\sztd2hs2.default\cookies.txt[]
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\STUART VAESSEN\Local Settings\Temporary Internet Files\Content.IE5\0SBLVEXP\channels_02[1].gif
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh
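
Checking a follow-up HijackThis log against a fix list, as an added example that is not part of the original posts: the script parses the `R*`/`O*` lines of a log, reports which entries disappeared between two logs and which requested removals are still present, and lists lines carrying HijackThis's own annotations such as `(no file)`. The log excerpts are copied from the two logs in this thread; the function names and the choice of annotations to surface are assumptions of this example, and an annotation is a prompt to review a line, not a verdict.

```python
import re
from collections import namedtuple

# HijackThis section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "extra protocol handler", "O23": "Windows service",
}
Entry = namedtuple("Entry", "code kind detail")
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Annotations HijackThis writes into a line itself (assumed review list).
MARKERS = ("(no file)", "(file missing)", "(no name)", "Unknown owner")


def parse_hjt(text):
    """Return the R*/O* entries of a log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            code, detail = m.group(1), m.group(2).strip()
            entries.append(Entry(code, SECTIONS.get(code, "other"), detail))
    return entries


def _key(entry):
    # Registry paths and file names are case-insensitive on Windows.
    return (entry.code, entry.detail.lower())


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    seen = {_key(e) for e in parse_hjt(after)}
    return [e for e in parse_hjt(before) if _key(e) not in seen]


def still_present(fix_list, after):
    """Entries the helper asked to fix that the new log still contains."""
    seen = {_key(e) for e in parse_hjt(after)}
    return [e for e in parse_hjt(fix_list) if _key(e) in seen]


def marked(text):
    """Entries carrying one of MARKERS, with the markers found on each."""
    out = []
    for e in parse_hjt(text):
        hits = [m for m in MARKERS if m in e.detail]
        if hits:
            out.append((e, hits))
    return out


# Excerpt of the first log in the thread (4 March).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
"""

# Excerpt of the second log in the thread (6 March).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# Lines from the helper's first fix list, and the one line from the second.
FIX_1 = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
"""
FIX_2 = r"""
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
"""

if __name__ == "__main__":
    for e in removed(BEFORE, AFTER):
        print("removed      ", e.code, e.kind, "|", e.detail)
    for name, fix in (("fix 1", FIX_1), ("fix 2", FIX_2)):
        for e in still_present(fix, AFTER):
            print("still present", name, "|", e.code, e.detail)
    for e, hits in marked(AFTER):
        print("review       ", e.code, hits, "|", e.detail)
```
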

Post by agrarianmonk » March 6th, 2006, 2:36 am

Dear Sumo

Thanks for your quick response. Your log is looking much better.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

learn2player (uninstall only) <--if you don't use this program, it is safe to remove
shopathome select cash back


******************************

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HJT.

******************************

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

*******************************

Please download ewido anti-malware; it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware. Reboot your computer.

*******************************


In your next post, please post a fresh HJT log and the results of your Ewido Anti-Malware Scan. It might be better for you to post the Ewido log in a separate post so that it won't get cut off. Also, please let me know how your computer is running.

-Agrarianmonk
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

just a quick thanks

Post by sumo » March 6th, 2006, 11:36 am

just a quick note to say at work and will try latest instructions later tonight when home
once again thanks for your help

cheers sumo
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

results of hijackthis scan

Post by sumo » March 6th, 2006, 1:41 pm

Results of latest scan


Logfile of HijackThis v1.99.1
Scan saved at 17:38:12, on 06/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe




sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

results of ewido scan

Post by sumo » March 6th, 2006, 1:43 pm


ewido scan results

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:33:21, 06/03/2006
+ Report-Checksum: A6249214

+ Scan result:

C:\Documents and Settings\STUART VAESSEN\Cookies\stuart vaessen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0099492.ini -> Adware.Sahat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0099493.ini -> Adware.Sahat : Cleaned with backup


::Report End
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

my computer

Post by sumo » March 6th, 2006, 1:47 pm

My pc seems to be running a lot quicker at first glance. Got to go out now though, will have a better look later on. Am I safe though?

cheers sumo

sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

Post by agrarianmonk » March 6th, 2006, 9:20 pm

Dear Sumo,

Almost Done. You may want to print out these instructions or copy them to notepad since you will not have internet access during some of our fixes.

  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{E77EDA01-3C56-4a96-8D08-02B42891C169}"=-



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

***************************

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HJT.


Next, we need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.


Please delete these files using Windows Explorer (if present):

C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\ap9h4qmo.ini
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\TEMP\salm.log
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll


  • Now double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.


After that, Reboot in normal mode.

Now, please post a Fresh HJT Log. Let me know if you notice any other problems with your computer.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
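A way to preview what the fix.reg from the post above will do before it is merged. This is an added example, not part of the thread and not code from the forum or from any tool it mentions; the function names `parse_reg`, `check_layout` and `guids_touched` are hypothetical, and the parser covers only the single-line syntax this file uses.

```python
import re

# fix.reg as given in the post above.
FIX_REG = r'''REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{E77EDA01-3C56-4a96-8D08-02B42891C169}"=-

'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
GUID_RE = re.compile(
    r'\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}')


def parse_reg(text):
    """Return (action, key, value_name) tuples in file order.

    [-KEY] deletes a whole key, "name"=- deletes one value, anything else
    after '=' sets a value. Multi-line hex data (lines continued with a
    trailing backslash) is not supported and raises ValueError.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be a .reg header")
    ops, key = [], None
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                        # leading '-': delete key
                ops.append(("delete-key", m.group(2), None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"line {n}: unexpected content: {line!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete-value" if m.group(2) == "-" else "set-value"
        ops.append((action, key, name))
    return ops


def check_layout(text):
    """Check the two layout rules stated in the post for fix.reg."""
    problems = []
    norm = text.replace("\r\n", "\n")             # Notepad saves CRLF
    if not norm.startswith("REGEDIT4\n"):
        problems.append("REGEDIT4 must be the very first line")
    if not norm.endswith("\n\n"):
        problems.append("file must end with one blank line")
    return problems


def guids_touched(ops):
    """Upper-cased GUIDs named in any key path or value name."""
    found = set()
    for _, key, name in ops:
        for field in (key, name or ""):
            found.update(g.upper() for g in GUID_RE.findall(field))
    return found


if __name__ == "__main__":
    for action, key, name in parse_reg(FIX_REG):
        print(action, key, name or "")
    print("layout problems:", check_layout(FIX_REG))
```

The GUID `{E77EDA01-3C56-4a96-8D08-02B42891C169}` that appears in two of the four operations is the same one shown on the O9 ShopperReports line in the HijackThis log.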

hijackthis log file

Post by sumo » March 7th, 2006, 12:49 pm

could not find files below; found the mozilla one though.
when in safe mode keyboard became inactive but working now as you can see. computer seems to be ok.

cheers sumo

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\ap9h4qmo.ini
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\TEMP\salm.log


Now, please post a Fresh HJT Log. Let me know if you notice any other problems with your computer.

Logfile of HijackThis v1.99.1
Scan saved at 16:44:57, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh
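Comparing the 06/03/2006 and 07/03/2006 HijackThis logs by hand is error-prone, so here is a small differ that does it. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical, and the two inputs are short excerpts of the logs posted above, trimmed to a few lines each.

```python
import re
from collections import Counter

# Excerpts of the two logs posted in this thread (trimmed for the example).
LOG_06 = r'''Logfile of HijackThis v1.99.1
Scan saved at 17:38:12, on 06/03/2006

Running processes:
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
'''

LOG_07 = r'''Logfile of HijackThis v1.99.1
Scan saved at 16:44:57, on 07/03/2006

Running processes:
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
'''

# HijackThis section codes: R0-R3, F0-F3, N1-N4 and the numbered O groups.
ENTRY_RE = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$')


def parse_hjt(text):
    """Split a HijackThis log into scan time, process list and entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            log["processes"].append(line)
        elif ENTRY_RE.match(line):
            log["entries"].append(line)
    return log


def _missing(old, new):
    """Items of `old` absent from `new`; case-insensitive, duplicates counted."""
    left = Counter(s.casefold() for s in new)
    out = []
    for s in old:
        k = s.casefold()
        if left[k] > 0:
            left[k] -= 1
        else:
            out.append(s)
    return out


def compare(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    a, b = parse_hjt(before_text), parse_hjt(after_text)
    return {
        "removed_entries": _missing(a["entries"], b["entries"]),
        "added_entries": _missing(b["entries"], a["entries"]),
        "stopped_processes": _missing(a["processes"], b["processes"]),
        "new_processes": _missing(b["processes"], a["processes"]),
    }


def orphaned(entries):
    """Entries HijackThis itself marks as pointing at a missing file."""
    return [e for e in entries if e.endswith(("(no file)", "(file missing)"))]


if __name__ == "__main__":
    for label, items in compare(LOG_06, LOG_07).items():
        print(label, items)
```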

Post by agrarianmonk » March 7th, 2006, 9:45 pm

Congratulations, your log looks clean! Are you having any other troubles?

First, let's reset System Restore.
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


Let's enable your Microsoft AntiSpyware Real-time Protection.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options check Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection check Enable real-time spyware threat protection (recommended).
After you check these, click on the Save button and close Microsoft AntiSpyware.


Let's also rehide hidden files:

To hide Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Do not show hidden files and folders in the Hidden files and folders section.
7. Check Hide protected operating system files (recommended) option.
8. Check the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

There are a few other very important things you should follow to avoid getting reinfected:

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
See here to choose one


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  1. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  2. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  3. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  4. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  5. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by ChrisRLG » March 8th, 2006, 9:21 am

We have noticed a few things with your access to our forum.

1. Several people are having logs done from the same IP number - YOURS.

2. They have all registered in the last few days, all with different machines.

Our rules state that a person is not allowed to have more than one username registered at our forum.

I have moved all your topics to this room :-
http://www.malwareremoval.com/forum/viewforum.php?f=78

It is hidden from normal public view, and I would like you to please explain what is going on here.

What it looks like is that you are one person, and are using our services to provide a service to other people, possibly for a fee.

Can you please explain what is going on?

ChrisRLG
Malware Removal
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

anything else

Post by sumo » March 8th, 2006, 7:32 pm

i have done everything that was last listed is there anything else?

i now have installed
microsoft antispyware
norton internet security
ewido
fix.reg
cw shredder
atf-cleaner
spyware blaster
zoned out
spyware guard

do i need all of these? or is this ok

also i now have

quick time player
trillian
windows media player
mozilla firefox
outlook express
internet explorer
msn messenger
i-tunes

is this ok

also i have 2 icons (white boxes with blue banner across top)

which are called hurl and hurl-1

i can't open them as it comes up msdos don't know what they are or how to look at them?

do you require another log file?

thanks for all your help
regards
sumo
sumo
Active Member
 
Posts: 9
Joined: March 4th, 2006, 3:37 pm
Location: Winnersh

Post by agrarianmonk » March 8th, 2006, 10:56 pm

Hi Sumo,

The programs you have installed look ok. Fix.reg isn't actually a program. It was just a registry fix that helped remove some of the leftover malware registry items. You can remove that file from your desktop.

I don't exactly know what hurl or hurl-1 are, but I assume that they are shortcuts to the same file. If you would like me to take a look at it, please right click on the icon, select properties and copy and paste the contents of target into this post.

Are you having any other specific problems with your computer? Your last log looked clean, but if you are having any other difficulties, please post back here w/ a fresh HJT log and details about the problems you are having.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am