something not right. Help needed (RESOLVED)

#1  marty3 (Junior Member), 10-01-2006, 11:23 PM

Hello everyone,
I'm having really annoying problems with the internet taking so long to load pages. I really don't know what to do. I also have a font problem. I did a HijackThis log; if someone could see if everything looks normal I'd be grateful.

Thanks

Logfile of HijackThis v1.99.0
Scan saved at 22:17:52, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\GTray\gtray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O1 - Hosts: Additionally, comments (such as these) may be inserted on individual
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [GTray] "C:\GTray\gtray.exe"
O4 - HKCU\..\Run: [DynAdvance Notifier] C:\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
O4 - HKCU\..\Run: [GTray] "C:\GTray\gtray.exe"
O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections - Unknown - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2  VopThis (Senior Member, Canada), 11-01-2006, 04:49 AM
Re: something not right. Help needed

Disable McAfee AntiSpyware (if you can) until the fix procedures have been completed.


Get hoster here:
http://www.funkytoad.com/download/hoster.zip

Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.



Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.




POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).

#3  marty3 (Junior Member), 11-01-2006, 05:35 AM
Re: something not right. Help needed

OK, I disabled McAfee AntiSpyware, then the Hoster thing, then the ewido, and here is the ewido scan:


ewido anti-malware - Scan report


+ Created on: 04:23:56, 11/01/2006
+ Report-Checksum: 328091C7

+ Scan result:

:mozilla.7:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.8:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.9:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.10:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.15:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.20:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.23:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.40:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.49:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.63:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.64:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.86:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.87:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.96:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.98:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.99:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.100:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.101:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.102:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.103:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.104:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.105:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.106:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.107:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.108:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.109:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.110:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.111:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.112:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.113:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.114:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.115:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.116:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.117:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.118:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.119:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.120:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.121:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.122:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.123:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.****-access : Cleaned with backup
:mozilla.126:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.129:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.130:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.141:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.142:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.151:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.158:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.189:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.190:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.193:D:\Documents and Settings\Mart\Application Data\Orca Browser\Profiles\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
D:\Documents and Settings\Mart\Cookies\mart@e-2dj6wflikncpsep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Mart\Cookies\mart@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
D:\Documents and Settings\Mart\Local Settings\Temporary Internet Files\Content.IE5\CVK9E9IH\mm[1].js -> Spyware.Chitika : Cleaned with backup


::Report End

Will post the HJT log again next.

#4  marty3 (Junior Member), 11-01-2006, 05:38 AM
Re: something not right. Help needed

Here is the HijackThis log. I think it might be OK now, although I've not tried to send an attachment with email yet; that was also a problem I was having, along with sending pictures / mp3 music or anything via webmail or MSN Messenger, but I will try that now and post back. HJT Log ------>>

Logfile of HijackThis v1.99.0
Scan saved at 04:36:13, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\GTray\gtray.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Avant Browser\avant.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [GTray] "C:\GTray\gtray.exe"
O4 - HKCU\..\Run: [DynAdvance Notifier] C:\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
O4 - HKCU\..\Run: [GTray] "C:\GTray\gtray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Add to AD Black List - C:\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Avant Browser\Search.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections - Unknown - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5  marty3 (Junior Member), 11-01-2006, 10:51 AM
Re: something not right. Help needed

No, I still can't use the internet properly. I can't send email attachments, and general web browsing takes so long to load, and sometimes doesn't load at all. I did an online speed test and it's all OK. I'm using a 2meg connection and sometimes it will take up to 5 minutes to load a page; it's so very annoying. I can download files at good speeds, always between 220kbps - 250kbps. I have tried every single available web browser known to man and they're all the same. What is causing this problem? I really am banging my head against the wall with this.

Last edited by marty3; 11-01-2006 at 10:53 AM.

#6  VopThis (Senior Member, Canada), 11-01-2006, 06:52 PM
Re: something not right. Help needed

Try fixing the following line items in HJT:

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



Reboot and test out your browser email again.
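
A triage sketch for the logs in this thread, added here as an example (it is not code from the forum, from either poster, or from HijackThis): it parses result lines, flags the entry types acted on above (the O1 hosts entry, the empty R0 Local Page values and the R1 ProxyServer value) and diffs two scans. The function names and flag wording are assumptions; the sample lines are excerpts of the logs in posts #1 and #4.

```python
import ipaddress
import re

# Excerpts of the HijackThis logs posted in #1 and #4 of this thread (trimmed
# to a few lines each; the forum's stray space in "Internet Settings" removed).
LOG_POST_1 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O1 - Hosts: Additionally, comments (such as these) may be inserted on individual
O4 - HKLM\..\Run: [GTray] "C:\GTray\gtray.exe"
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

LOG_POST_4 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O4 - HKLM\..\Run: [GTray] "C:\GTray\gtray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
"""

# A result line is "<section code> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return [(code, body)] for every result line, in log order.
    Header lines and the running-process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def split_registry_value(body):
    """Split 'KEY,ValueName = data' into (key, value_name, data), or None."""
    left, sep, data = body.partition("=")
    if not sep or "," not in left:
        return None
    key, _, name = left.rpartition(",")
    return key.strip(), name.strip(), data.strip()


def proxy_reason(data):
    """Describe a 'host:port' ProxyServer value for the reviewer."""
    host = data.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # hostname or per-protocol list: leave to the reviewer
        return f"proxy configured ({data}); confirm it is expected"
    if addr.is_unspecified:
        return f"proxy host in {data} is the unspecified address"
    if addr.is_loopback:
        return f"proxy {data} is local; identify the listening program"
    return f"proxy configured ({data}); confirm it is expected"


def review_flags(entries):
    """Return [(code, reason, body)] for entries of the kinds handled in this thread."""
    flags = []
    for code, body in entries:
        if code == "O1":
            flags.append((code, "hosts file entry", body))
            continue
        if code not in ("R0", "R1"):
            continue
        parsed = split_registry_value(body)
        if parsed is None:
            continue
        _key, name, data = parsed
        if name == "ProxyServer":
            flags.append((code, proxy_reason(data), body))
        elif data == "":
            flags.append((code, f"{name} is empty", body))
    return flags


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    first, second = parse_entries(LOG_POST_1), parse_entries(LOG_POST_4)
    for code, reason, _body in review_flags(second):
        print(f"[review] {code}: {reason}")
    removed, added = diff_logs(first, second)
    for code, body in removed:
        print(f"[gone]   {code} - {body}")
    for code, body in added:
        print(f"[new]    {code} - {body}")
```
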

#7  marty3 (Junior Member), 14-01-2006, 04:04 AM
Re: something not right. Help needed

Hello, I formatted my Windows C: partition and updated with a fresh installation of Win XP, and the problem I was having with email / internet browsing is now gone, thank god. lol. It was so, so very annoying. But I've done another log, and I'm unsure what ech.exe is. It shows up in Task Manager also as a running process. Any ideas? Here is the log, and thanks for taking the time to help me. I really appreciate it; you're really good people on a great site ----->>

Logfile of HijackThis v1.99.0
Scan saved at 02:59:55, on 14/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wwSecure.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [Index Washer] d:\Program Files\Webroot\Washer\WashIdx.exe "Martyn"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - D:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) - Unknown - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) - Unknown - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections - Unknown - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Washer AutoComplete - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Last edited by marty3; 14-01-2006 at 04:06 AM.
  #8 (permalink)  
Old 14-01-2006, 06:31 AM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: something not right. Help needed

The following application can be a problem depending on the version. I would suggest uninstalling it (Add/Remove in Control Panel):

MESSENGERPLUS3


With programs such as Ad-watch be careful not to run multiple real-time monitor tools as they can interfere with each other or slow down your PC horribly. And be sure to run only one real-time antivirus tool at a time.




To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step, it is often advisable to Reset and Re-enable your System Restore to remove any bad files that may have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(Windows XP)
Quote:
c:\System Volume Information\_restore….
To Turn OFF System Restore.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. Click Apply.

To Turn ON System Restore.
  1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
  2. Create new System Restore points.


(Windows ME)
Quote:
c:\_RESTORE\TEMP\….
See the following link for instructions:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
  1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
    http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
    http://www.microsoft.com/windows/ie/default.asp

  2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1
    Avast: http://www.avast.com/eng/avast_4_home.html

  3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
    Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
    Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
    MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx

  4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
    Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
    *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
    Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

    It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

  5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
    Mozilla Firefox: http://www.mozilla.org/products/firefox/

  6. Consider increasing your browser security by using these programs:
    SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
  7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
    • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
    • Next select ‘Open host file manager’ button.
    • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
    • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

      Quote:
      #start of lines added by WinHelp2002
      # [Misc A - Z]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
      .
      .
      .
      #end of lines added by WinHelp2002




*Remember just like your primary anti-virus software, it is important to:
  • Keep all of these programs up-to-date, and
  • Use them on a regular basis.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
  #9 (permalink)  
Old 18-01-2006, 12:15 PM
Junior Member
New Recruit
 
Join Date: Nov 2005
Posts: 40
marty3 Is a beginner here at D-A-L
Re: something not right. Help needed

Hello, thanks for your great help, I just need to clarify something --->
Code:
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
.
.
.
#end of lines added by WinHelp2002
Do I add this into the host file instead of the txt from http://www.mvps.org/winhelp2002/hosts.txt? Or do I put this in there as well? I'm very confused on this. Thanks for the help. PC is running better now, just need to know about this host thing, exactly what I put in there.
  #10 (permalink)  
Old 18-01-2006, 04:10 PM
VopThis's Avatar
Senior Member (Canada)
 
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!
Re: something not right. Help needed

Quote:
Do I add this into the host file instead of the txt from http://www.mvps.org/winhelp2002/hosts.txt?
That is a portion from the hosts.txt file - only copy the RELEVANT portion from that file.
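
The HOSTS-file step from post #8 (item 7), clarified in post #10, as an added example that is not part of the original thread: a Python sketch that appends only the relevant blocking entries from a blocklist to an existing HOSTS file, leaves the existing lines untouched, and refuses entries that would point a name at anything other than a sink address. The function names, the merge markers and the sample data (including the `203.0.113.7` documentation address) are assumptions made for illustration.

```python
import re

SINKS = {"127.0.0.1", "0.0.0.0"}   # addresses a blocking entry may point to
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)*"
                      r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

# Constructed sample input (not the poster's real files).
CURRENT_HOSTS = "127.0.0.1 localhost\n127.0.0.1 a.abnad.net\n"
BLOCKLIST = """#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 localhost
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
.
203.0.113.7 www.example.com
#end of lines added by WinHelp2002
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and stray '.' lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def merge_blocklist(current, blocklist):
    """Append new, well-formed sink entries; return (merged, added, rejected)."""
    known = {name for _, name in parse_hosts(current)}
    added, rejected = [], []
    for ip, name in parse_hosts(blocklist):
        if name in known:
            continue                      # already present, e.g. localhost
        if ip not in SINKS or not HOSTNAME.match(name):
            rejected.append((ip, name))   # would redirect the name, or is malformed
            continue
        known.add(name)
        added.append(name)
    merged = current.rstrip("\n") + "\n"
    if added:
        merged += "# start of merged blocklist entries\n"
        merged += "".join(f"127.0.0.1 {n}\n" for n in added)
        merged += "# end of merged blocklist entries\n"
    return merged, added, rejected

def audit(text):
    """Return entries that map a name to a non-sink address, for manual review."""
    return [(ip, n) for ip, n in parse_hosts(text) if ip not in SINKS | {"::1"}]
```

Running the merge a second time on its own output adds nothing, so the file does not grow with duplicates each time the blocklist is refreshed.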
All times are GMT +1.