Hijackthis Log [RESOLVED]


  • This topic is locked

#1
Neskit

Neskit

    New Member

  • Member
  • Pip
  • 7 posts
Thanks in advance for any help you give.


Logfile of HijackThis v1.99.1
Scan saved at 10:30:33 PM, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Tim Cassibo Jr\Desktop\HijackThis.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [zmqi] C:\PROGRA~1\COMMON~1\zmqi\zmqim.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Tim Cassibo Jr\Desktop\HijackThis.exe /startupscan
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\q4rq0e95eh.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0



#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi Neskit

Welcome to G2G! :whistling:

* Click here to download Look2Me-Destroyer.exe and save it to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message:
    • Done removing infected files! Look2Me-Destroyer will now shutdown your computer
  • Click OK then your computer will shutdown.
  • Wait 60 seconds then turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
  • 0

#3
Neskit

Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks so much for helping me.
Also, I seem to have lost the use of the XP theme for my desktop, any ideas on how to fix that as well?

Here is the Hijack log.


Logfile of HijackThis v1.99.1
Scan saved at 11:11:37 PM, on 24/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tim Cassibo Jr\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [zmqi] C:\PROGRA~1\COMMON~1\zmqi\zmqim.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Tim Cassibo Jr\Desktop\HijackThis.exe /startupscan
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


and the look log


Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 24/03/2006 11:01:30 PM

Infected! C:\WINDOWS\system32\q4rq0e95eh.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017943.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017947.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017949.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017953.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017956.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017960.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017978.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017982.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018018.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018175.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019175.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019189.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019194.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019195.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019205.dll
Infected! C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019206.dll
Infected! C:\WINDOWS\system32\lv6209joe.dll
Infected! C:\WINDOWS\system32\nohwvid.dll
Infected! C:\WINDOWS\system32\q4rq0e95eh.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\q4rq0e95eh.dll
C:\WINDOWS\system32\q4rq0e95eh.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017943.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017943.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017947.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017947.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017949.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017949.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017953.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017953.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017956.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017956.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017960.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017960.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017978.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017978.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017982.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017982.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018018.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018018.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018175.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019175.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019189.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019189.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019194.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019194.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019195.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019205.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019205.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019206.dll
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019206.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv6209joe.dll
C:\WINDOWS\system32\lv6209joe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\nohwvid.dll
C:\WINDOWS\system32\nohwvid.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q4rq0e95eh.dll
C:\WINDOWS\system32\q4rq0e95eh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E8197A41-9BFF-4AC2-A028-311DFB14BF5C}"
HKCR\Clsid\{E8197A41-9BFF-4AC2-A028-311DFB14BF5C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AAD5025E-A128-457F-B96F-87A60975B8FA}"
HKCR\Clsid\{AAD5025E-A128-457F-B96F-87A60975B8FA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{81980A0D-F71B-4728-A35B-EE93619B2B20}"
HKCR\Clsid\{81980A0D-F71B-4728-A35B-EE93619B2B20}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0E3BFEA6-0224-4D13-B8C0-035DF5661D09}"
HKCR\Clsid\{0E3BFEA6-0224-4D13-B8C0-035DF5661D09}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Edited by Neskit, 24 March 2006 - 10:43 PM.

  • 0

#4
Neskit

Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I hate to be a bother, but is there anything more wrong with my system?

I still have lost the new XP theme and can't seem to get it back :whistling:
  • 0

#5
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download Luna.zip. Download it and unzip it to extract the luna.msstyles file it contains. Copy the luna.msstyles file to the C:\WINDOWS\Resources\Themes\Luna folder.

Restart your machine and go to Display Properties and you should be able to choose the XP theme again.



* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [zmqi] C:\PROGRA~1\COMMON~1\zmqi\zmqim.exe



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Go to Add/Remove programs and uninstall VCClient. If it asks you to restart your computer, do not restart.


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\Common Files\VCClient

    C:\Program Files\Common Files\zmqi

    C:\Windows\System32\winlog.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan
  • 0
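
Added example, not part of the original thread: a small Python check that parses HijackThis result lines and compares a follow-up log against the "Fix checked" list above, so leftover autorun entries stand out. The function names are hypothetical, and the sample logs are short excerpts of the logs posted in this thread.

```python
import re
from collections import Counter

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d)\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return a list of (section, detail) tuples for each result line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse whitespace so forum copy/paste differences do not matter.
            detail = " ".join(match.group(2).split())
            entries.append((match.group(1), detail))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    old, new = Counter(parse_entries(before)), Counter(parse_entries(after))
    removed = sorted((old - new).elements())
    added = sorted((new - old).elements())
    return removed, added


def unresolved(fix_list, after):
    """Entries that were marked for fixing but still appear in the new log."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(fix_list) if entry in remaining]


# Excerpt of the log from post #3 (before "Fix checked").
BEFORE = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [zmqi] C:\PROGRA~1\COMMON~1\zmqi\zmqim.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
'''

# Excerpt of the follow-up log from post #6.
AFTER = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
'''

# The entries listed under "Fix checked" in the post above, blank lines included.
FIX_LIST = r'''
O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [zmqi] C:\PROGRA~1\COMMON~1\zmqi\zmqim.exe
'''

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print(f"removed: {section} - {detail}")
    for section, detail in added:
        print(f"added:   {section} - {detail}")
    leftovers = unresolved(FIX_LIST, AFTER)
    print("still present:", leftovers if leftovers else "none")
```

Entries reported as added are new since the previous scan and deserve the same review as the original log.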

#6
Neskit

Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry it took so long, that scan took forever.
Now would anything here cause my system to make beeping sounds, not through the speakers, but through the tower? (NM... my girlfriend just called and told me to plug in her cell phone, which was sitting in a pile of clothes next to my tower... it was making the beeping sounds.)


Active Scan


Incident Status Location

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[71875316]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[88270523]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[43075689]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tim Cassibo Jr\Application Data\Mozilla\Firefox\Profiles\p7h6k70d.default\cookies.txt[65560744]
Virus:Trj/sosmyn.A Disinfected C:\WINDOWS\errorhandler.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard5.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\nhgvnpiA.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\pf78bb.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\VGltIENhc3NpYm8gSnI\p35QKHh1wahDsAf0mBK.vbs



and the Hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 12:20:12 PM, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Tim Cassibo Jr\Desktop\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143262940997
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Neskit, 25 March 2006 - 01:41 PM.

  • 0

#7
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


* Open Firefox.
Click on Tools, then Options
Select the Privacy icon in the left-hand panel
Click on Cookies
Click on View Cookies
Click on the Remove All Cookies button


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\errorhandler.exe
    C:\WINDOWS\system32\CMD.COM
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\taskmgr.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\keyboard5.exe
    C:\WINDOWS\nhgvnpiA.exe
    C:\WINDOWS\pf78bb.exe
    C:\WINDOWS\VGltIENhc3NpYm8gSnI


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#8
Neskit

Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks again for the help :whistling:



Saturday, March 25, 2006 10:16:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/03/2006
Kaspersky Anti-Virus database records: 183981
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 36881
Number of viruses found 19
Number of infected objects 49
Number of suspicious objects 2
Duration of the scan process 03:22:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017925.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017926.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017934.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017935.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017936.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017937.exe Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017939.dll Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017965.exe Infected: Trojan.Win32.Runner.h skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017966.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017966.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017967.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017968.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017969.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017969.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017970.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017971.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017972.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017973.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017974.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0017977.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018002.exe Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018003.dll Infected: not-a-virus:AdWare.Win32.CASClient.g skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018004.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018020.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018021.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018021.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019186.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019188.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019190.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019191.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019192.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019226.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\keyboard5.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\WINDOWS\mousepad5.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\pf78bb.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78bb.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78bb.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78bb.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78bb.exe NSIS: infected - 4 skipped
Scan process completed.





Logfile of HijackThis v1.99.1
Scan saved at 10:20:59 PM, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Tim Cassibo Jr\Desktop\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143262940997
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#9
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\keyboard5.exe
    C:\WINDOWS\mousepad5.exe
    C:\WINDOWS\pf78.exe
    C:\WINDOWS\pf78bb.exe


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
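
How the scan log posted earlier in the thread reduces to the four-file Killbox list above, as an added example that is not part of the original posts: it parses detection lines in the format shown in the log, folds archive members such as `pf78.exe/data0002` into their container file, and separates live files from System Restore copies. The sample lines are excerpted from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the scanner log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018021.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0018021.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{069491D8-E09F-4F1D-AF9F-DE3A25A528A6}\RP205\A0019226.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\WINDOWS\keyboard5.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\WINDOWS\mousepad5.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\pf78bb.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
Scan process completed.
"""

# "<path>[/<archive member>] Infected: <verdict> <action>"
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
RESTORE_PREFIX = "\\system volume information\\_restore"  # path after the drive letter


def parse_detections(log_text):
    """Yield (file_path, archive_member_or_None, verdict) per detection line."""
    for line in log_text.splitlines():
        m = INFECTED.match(line.strip())
        if not m:
            continue  # container summaries ("NSIS: infected - 4"), blanks, footer
        # Windows paths use backslashes, so a forward slash marks an archive member.
        path, _, member = m.group("obj").partition("/")
        yield path, member or None, m.group("verdict")


def triage(log_text):
    """Split detections into live files and System Restore copies."""
    live, restore = defaultdict(set), defaultdict(set)
    for path, _member, verdict in parse_detections(log_text):
        # Compare case-insensitively, ignoring the two-character drive prefix.
        in_restore = path[2:].lower().startswith(RESTORE_PREFIX)
        (restore if in_restore else live)[path].add(verdict)
    return dict(live), dict(restore)


if __name__ == "__main__":
    live, restore = triage(SAMPLE_LOG)
    print("Live files flagged by the scanner:")
    for path in sorted(live):
        print(f"  {path}  ({', '.join(sorted(live[path]))})")
    print(f"Flagged copies inside System Restore points: {len(restore)}")
```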

#10
Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
AntiVir PersonalEdition Classic Windows
ATMA V 5.04e
Azureus
CDisplay 1.8
CleanUp!
DC++ 0.674
DHS
Diablo II
DivX
DivX Converter
DivX Converter
DivX Player
ewido anti-malware
FireTune
HijackThis 1.99.1
IsoBuster 1.9
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Macromedia Flash Player 8
Microsoft Office 2000 Premium
Mozilla Firefox (1.5.0.1)
MSN Messenger 7.0
MSXML4 Parser
Nero Suite
NVIDIA Drivers
Panda ActiveScan
PowerISO
Quicklinks
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shareaza version 2.1.3.2
Sid Meier's Civilization 4
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall these old versions of Java:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4


Leave only this one:

J2SE Runtime Environment 5.0 Update 6

How is the computer running now?

#12
Neskit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Computer is running great, I think I have to run a virus scanner and remover again though... I think I still have some viruses kicking around.

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#14
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.