IE Pop UP Windows [RESOLVED]


  • This topic is locked

#1
Elrawiel

    Member

  • Member
  • PipPip
  • 14 posts
Tried installing Office on my parents' computer only to have several IE windows suddenly open. Currently running AVG Free edition to locate problems. Posting the log here to get some help, even getting pop-ups as I write this >.<

Logfile of HijackThis v1.99.1
Scan saved at 17:51:45, on 21/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\YQ\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\a\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\lvnq0955e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YQ\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


And here's the scan after my usual Virus/Spyware/Malware/Adware checks..

Logfile of HijackThis v1.99.1
Scan saved at 18:38:05, on 21/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\YQ\command.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\a\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\fplm0331e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YQ\command.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by Elrawiel, 21 March 2006 - 12:39 PM.

  • 0


#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi Elrawiel :tazz:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
  • 0

#3
Elrawiel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
L2M file


Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 22/03/2006 11:37:12

Infected! C:\WINDOWS\system32\g022lafo1d2c.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002567.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002597.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002600.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003200.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003206.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003216.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003223.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003225.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003232.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003241.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003329.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003334.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003378.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003382.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003455.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003459.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003462.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003466.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003471.dll
Infected! C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003475.dll
Infected! C:\WINDOWS\system32\g022lafo1d2c.dll
Infected! C:\WINDOWS\system32\k462lejo1hoc.dll
Infected! C:\WINDOWS\system32\m4460ehseh460.dll
Infected! C:\WINDOWS\system32\MPWMDM.dll
Infected! C:\WINDOWS\system32\sztupapi.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\g022lafo1d2c.dll
C:\WINDOWS\system32\g022lafo1d2c.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002567.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002567.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002597.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002597.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002600.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002600.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003200.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003200.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003206.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003206.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003216.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003216.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003223.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003223.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003225.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003225.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003232.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003232.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003241.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003241.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003329.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003329.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003334.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003334.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003378.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003378.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003382.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003382.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003455.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003455.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003459.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003459.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003462.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003462.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003466.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003466.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003471.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003471.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003475.dll
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003475.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\g022lafo1d2c.dll
C:\WINDOWS\system32\g022lafo1d2c.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k462lejo1hoc.dll
C:\WINDOWS\system32\k462lejo1hoc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m4460ehseh460.dll
C:\WINDOWS\system32\m4460ehseh460.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\MPWMDM.dll
C:\WINDOWS\system32\MPWMDM.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sztupapi.dll
C:\WINDOWS\system32\sztupapi.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B05096DC-7008-44C4-9A9A-2FB431F5209E}"
HKCR\Clsid\{B05096DC-7008-44C4-9A9A-2FB431F5209E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D024C884-5A80-476A-80D6-E30CEB4C1B31}"
HKCR\Clsid\{D024C884-5A80-476A-80D6-E30CEB4C1B31}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8FE03905-D69C-40D3-A603-662823F1F636}"
HKCR\Clsid\{8FE03905-D69C-40D3-A603-662823F1F636}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

And HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:43:29, on 22/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\a\Desktop\Protection Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YQ\command.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
  • 0

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi Elrawiel :tazz:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe


Now close all windows other than HiJackThis, then click Fix Checked.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program files\Common files\iwko


Go to Start >>> Run and copy and paste or type the following lines (in bold) in the open run box one at a time, pressing Enter after each:

sc stop cmdService [enter]

sc delete cmdService [enter]


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a new Hijack log.
Thanks :)
  • 0
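
The log-to-log comparison done by eye in this thread can be scripted. The following is an added example, not part of the original posts or of HijackThis itself: a small Python parser that diffs two HijackThis logs and reports entries whose target file has gone missing between scans, such as the cmdService registration removed with sc delete above. The sample lines are excerpted from the first and third logs in this thread; the function names and the review reasons are illustrative assumptions.

```python
import re

# Item lines look like "O4 - HKLM\..\Run: [Name] C:\path\file.exe".
# Headers and the running-process list do not match and are skipped.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpt of the first log in this thread (before any cleanup).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\YQ\command.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\lvnq0955e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YQ\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Excerpt of the third log in this thread (after Look2Me-Destroyer ran).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Common Files\Command Software\dvpapi.exe

O4 - HKCU\..\Run: [iwko] C:\PROGRA~1\COMMON~1\iwko\iwkom.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YQ\command.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
"""


def parse_hjt(text):
    """Map (section code, detail) -> True if HijackThis marked the file missing."""
    items = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.group(1), m.group(2).strip()
        missing = detail.endswith(MISSING)
        if missing:
            # Strip the marker so the same entry keeps the same key across scans.
            detail = detail[: -len(MISSING)].rstrip()
        items[(code, detail)] = missing
    return items


def diff_logs(before, after):
    """Compare two logs: entries removed, entries added, and entries that
    are still registered but whose file disappeared between the scans."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "orphaned": sorted(k for k in a if k in b and a[k] and not b[k]),
    }


def review_notes(items):
    """Attach reasons a reviewer would look at an entry (not a verdict)."""
    notes = {}
    for (code, detail), missing in items.items():
        reasons = []
        if code == "O23" and "Unknown owner" in detail:
            reasons.append("HijackThis reported Unknown owner")
        if code == "O20":
            reasons.append("DLL loaded by winlogon.exe")
        if missing:
            reasons.append("target file missing")
        if reasons:
            notes[(code, detail)] = reasons
    return notes


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for group in ("removed", "added", "orphaned"):
        print(group.upper())
        for code, detail in result[group]:
            print(f"  {code} - {detail}")
    print("REVIEW (later log)")
    for (code, detail), reasons in review_notes(parse_hjt(AFTER)).items():
        print(f"  {code} - {detail}: {', '.join(reasons)}")
```

Because the "(file missing)" marker is stripped before keying, the cmdService line is reported once as orphaned instead of as one removal plus one unrelated addition.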

#5
Elrawiel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The HiJack This log

Logfile of HijackThis v1.99.1
Scan saved at 17:42:26, on 22/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\a\Desktop\Protection Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And the Kaspersky Virus Scan

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, March 22, 2006 5:41:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 22/03/2006
Kaspersky Anti-Virus database records: 183461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 16174
Number of viruses found: 10
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 00:33:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: Trojan-Clicker.JS.Agent.e skipped
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\FKJQZITF\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\ZEZ9CR8O\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002406.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002407.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002431.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002432.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002562.exe Infected: Trojan-Downloader.Win32.Adload.ac skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002575.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002575.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002576.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002593.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002594.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002594.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP8\A0002599.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003214.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003477.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003478.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003479.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\icont.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\WINDOWS\iconu.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\WINDOWS\system32\ad.html Infected: Trojan-Clicker.JS.Agent.e skipped
C:\WINDOWS\Temp\bw2.com Infected: not-a-virus:AdWare.Win32.Zestyfind skipped

Scan process completed.
  • 0

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi Elrawiel :tazz:

Almost done

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.

Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Pocket Killbox
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\icont.exe
    C:\WINDOWS\iconu.exe
    C:\WINDOWS\system32\ad.html
    C:\WINDOWS\Temp\bw2.com
    C:\Documents and Settings\a\Application Data\Microsoft\Internet Explorer\Desktop.htt
    C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\FKJQZITF\AppWrap[1].exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After the reboot

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

Post a new Hijack log and tell me how your system is running now.

Thanks
  • 0
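An added example, not part of the original posts: a short Python triage of the scan report quoted earlier in the thread, separating detections inside System Restore snapshots from live files. Turning off System Restore on Windows XP discards the restore points, so only the live paths need to go into the delete-on-reboot list. The function names are hypothetical, and the sample lines are copied from the report above.

```python
import re
from collections import Counter

# Detection lines copied from the scan report posted earlier in this thread.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003214.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{D2DDE1D8-8179-436B-BAE9-B22DCA7A7484}\RP9\A0003477.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\icont.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\WINDOWS\iconu.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\WINDOWS\system32\ad.html Infected: Trojan-Clicker.JS.Agent.e skipped
C:\WINDOWS\Temp\bw2.com Infected: not-a-virus:AdWare.Win32.Zestyfind skipped

Scan process completed.
"""

# Report line layout: <path> Infected: <detection name> <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<action>\w+)\s*$")
# System Restore snapshot folder: \System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE)

def parse_report(text):
    """Return (path, detection, action) for every detection line; skip the rest."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], m["action"]))
    return hits

def triage(hits):
    """Split detections into live file paths and per-restore-point counts."""
    live, restore = [], Counter()
    for path, _name, _action in hits:
        m = RESTORE_RE.search(path)
        if m:
            restore[m.group(1)] += 1      # purged when System Restore is turned off
        elif path not in live:
            live.append(path)             # candidate for the delete-on-reboot list
    return live, restore

if __name__ == "__main__":
    live, restore = triage(parse_report(SAMPLE_REPORT))
    print("Live files to queue for deletion:")
    print("\n".join(live))
    for rp, count in sorted(restore.items()):
        print(f"{rp}: {count} infected copies inside the restore point")
```
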

#7
Elrawiel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Next HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 07:33:39, on 23/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\a\Desktop\Protection Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Been no pop-ups for a while, and to answer your question... no, I received no PendingFileRenameOperations prompts.
  • 0

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Congratulations :whistling: Your log is clean

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0

#9
Elrawiel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks much, know some about computers but not the whole shebang as most on here do. I know exactly why it got infected and will remind my family to ensure the protection is running before they download anything. lol

Appreciate the time and thanks again :whistling:
  • 0

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
You're welcome :whistling:
  • 0

#11
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





