problems...
- first time when i got the viruses.. i had this extra toolbar with the options like AdultGambling | Pharmacy | XXX personal photos .. etc etc forgot what the rest are, somehow i got rid of the toolbar by deleting some stuff in the HJT results.
- sometimes i get a window popup saying "Windows Security Center" WARNING: Windows Firewall detected suspicious network activity on your computer, Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?" and its got the YES NO button but i always click NO because im scared its a virus thing trying to trick me so i downloaded "Zone Alarm" but the message still comes up sometime.
- i keep getting extra favourite files in my favourite folder section.. i deleted them heaps of times but it keeps coming back after a reboot.. so heres the list in my favourite folder...
AdultGambling
Free Online Dating
[bleep] Real Girls
Kill Annoying Popups
Online Sex Poker Rooms
Play Adult-Poker
Remove Toolbars
Spyware Uninstall
SPYWARE
XXX Personal Photos
this is the list of programs i used to get rid of my problem but none of them works...
ad-adware v1.06
avast
AVG 7.0
CWShredder
ewido
solo anti-virus
spysubtract (deleted it after AVG detected theres a virus in it)
spybot search&destroy
spyware blaster
stinger
i first update them then restart in safemode and i ..
Disk Cleanup
enable - Show hidden files and folders
disable - Hide extentions for known file types
disable - Hide protected operating system files
then yeah start scanning and after finishing scan i do online scans but the adware/spyware is still there.
heres my latest scanning logs...
Logfile of HijackThis v1.99.1
Scan saved at 3:23:12 AM, on 6/5/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\chi1\My Documents\phynx\phynx\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Hot Fix - {CDAB930D-AFB8-4FC9-901C-8773E9414E0A} - C:\WINNT\System32\zrpuh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [win32pssd] win32sdds.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [teqq32] Preliminary.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [win32pssd] win32sdds.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...416/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
Panda Online Scan...
Incident Status Location
Adware:Adware/SBSoft No disinfected C:\WINNT\System32\nmvqb.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\AdultGambling.url
Adware:Adware/SBSoft No disinfected C:\WINNT\System32\nmvqb.dll
Adware:Adware/GloboSearch No disinfected Windows Registry
Adware:Adware/SBSoft No disinfected C:\WINNT\system32\nmvqb.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
Virus:Bck/IRCFlood.AA Disinfected C:\Documents and Settings\chi1\My Documents\scripts\nnscript.zip[nHTMLn.dll]
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\[bleep] Real Girls.url
Edited by laziboi, 05 June 2005 - 01:39 AM.