Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Common components about blank/about:blank hijack[RESOLVED]

Started by aalya , May 25 2005 12:31 AM

  • This topic is locked This topic is locked

#1
aalya
Posted 25 May 2005 - 12:31 AM

aalya

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

Could anyone help? ;)

Internet explorer comes up with an about:blank page and this is now fixed as the home page every time I turn on the computer. I've tried deleting temp files and many other files! Also I've downloaded a few different spyware removal programmes once I realised it wasnt a virus (ran a norton and kaspersky anti virus check) but without much luck.
Spyware doctor seems like a good program as it detected a lot of infections. I can delete most of them from spyware doc except for 'common components about blank'- the laptop just restarts without deleting. The following files keep coming up on spyware doctor:

CWS home search assistant
Common components for gogotools, CWS variants and other adware
Advertising
Tracking cookie(s)
CWS
Trojan/small


Here's the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 07:27:58, on 5/25/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ieqy32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\namoh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\namoh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\namoh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\namoh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\namoh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\namoh.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\namoh.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9E51B05C-3A1D-6175-2F9B-368F3DF431A5} - C:\WINDOWS\system32\mfcjv.dll
O2 - BHO: Class - {FA402061-C457-66D0-CC72-378C7FF18253} - C:\WINDOWS\javarn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052905 serial=DR12WCX-1304237-CRS lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ieqy32.exe] C:\WINDOWS\system32\ieqy32.exe
O4 - HKLM\..\Run: [ntrf.exe] C:\WINDOWS\ntrf.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\RunOnce: [apiwh32.exe] C:\WINDOWS\apiwh32.exe
O4 - HKLM\..\RunOnce: [d3xw32.exe] C:\WINDOWS\system32\d3xw32.exe
O4 - HKLM\..\RunOnce: [mfcjq32.exe] C:\WINDOWS\mfcjq32.exe
O4 - HKLM\..\RunOnce: [atlod.exe] C:\WINDOWS\system32\atlod.exe
O4 - HKLM\..\RunOnce: [netfa.exe] C:\WINDOWS\netfa.exe
O4 - HKLM\..\RunOnce: [netbh32.exe] C:\WINDOWS\netbh32.exe
O4 - HKLM\..\RunOnce: [sysin.exe] C:\WINDOWS\sysin.exe
O4 - HKLM\..\RunOnce: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\RunOnce: [d3qk.exe] C:\WINDOWS\system32\d3qk.exe
O4 - HKCU\..\Run: [pClamp80Installer] D:\SETUP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apiwh32.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


Could you tell me what are the right bits to delete from this?

Thanks,

Aalya

*******************************************************************
Hello :tazz:

I've since tried to get rid of the problem following Loophole's instructions to Barrie. Here's the new hijack log. The logs of cwshredder and spsehjfix were clear. about:buster found two bad data streams and corrected them, but unfortunately I over wrote the log file without realising.Sorry.

Could someone please please check this to tell me what else I need to do? Internet explorer still opens spontaneously though it doesnt go to 'about:blank'.

Many thanks,

Aalya


Logfile of HijackThis v1.99.1
Scan saved at 16:42:24, on 5/27/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.157\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2AA0FE3E-BB7C-7DE4-3FD1-D24B5ACFB827} - C:\WINDOWS\mfcmt32.dll (file missing)
O2 - BHO: Class - {5241C50B-BD53-DE43-6854-8F9CF02CE647} - C:\WINDOWS\appyj.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {DF6EE72D-6DA9-D49D-AEDC-B86B1D310C21} - C:\WINDOWS\appyj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052905 serial=DR12WCX-1304237-CRS lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ieqy32.exe] C:\WINDOWS\system32\ieqy32.exe
O4 - HKLM\..\Run: [ntrf.exe] C:\WINDOWS\ntrf.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ieom.exe] C:\WINDOWS\system32\ieom.exe
O4 - HKLM\..\Run: [ipli32.exe] C:\WINDOWS\ipli32.exe
O4 - HKLM\..\Run: [syszv32.exe] C:\WINDOWS\system32\syszv32.exe
O4 - HKCU\..\Run: [pClamp80Installer] D:\SETUP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Edited by aalya, 27 May 2005 - 09:51 AM.

  • 0

Advertisements

#2
loophole
Posted 27 May 2005 - 01:21 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello aayla :tazz:

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible
Lets see if we can get the rest of this cleaned up
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {2AA0FE3E-BB7C-7DE4-3FD1-D24B5ACFB827} - C:\WINDOWS\mfcmt32.dll (file missing)
O2 - BHO: Class - {5241C50B-BD53-DE43-6854-8F9CF02CE647} - C:\WINDOWS\appyj.dll (file missing)
O2 - BHO: (no name) - {DF6EE72D-6DA9-D49D-AEDC-B86B1D310C21} - C:\WINDOWS\appyj.dll (file missing)
O4 - HKLM\..\Run: [ieqy32.exe] C:\WINDOWS\system32\ieqy32.exe
O4 - HKLM\..\Run: [ntrf.exe] C:\WINDOWS\ntrf.exe
O4 - HKLM\..\Run: [ieom.exe] C:\WINDOWS\system32\ieom.exe
O4 - HKLM\..\Run: [ipli32.exe] C:\WINDOWS\ipli32.exe
O4 - HKLM\..\Run: [syszv32.exe] C:\WINDOWS\system32\syszv32.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Using windows explorer( right click start, left click explore)
Search for and delete these files and folders
C:\WINDOWS\system32\ieqy32.exe
C:\WINDOWS\ntrf.exe
C:\WINDOWS\system32\ieom.exe
C:\WINDOWS\ipli32.exe
C:\WINDOWS\system32\syszv32.exe

run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic and anything the scans found to please ,Thanks

Edited by loophole, 27 May 2005 - 07:16 PM.

  • 0

#3
aalya
Posted 28 May 2005 - 06:58 PM

aalya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello again,

Thanks for the steps, I did as you advised. Here's the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 23:40:45, on 5/28/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052905 serial=DR12WCX-1304237-CRS lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [pClamp80Installer] D:\SETUP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

I tried to find and delete the files you mentioned in safe mode but they didnt exist.

The house call anti virus scan found quite a few things:

Results:
We have detected 735 infected file(s) with 735 virus(es) on
your computer. Only 500 out of 735 infected files are
displayed: - 235 virus(es) passed, 0 virus(es) no action
available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 500 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected FileAssociated Virus NameAction Taken
C:\WINDOWS\system32\addae.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addcm32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addeb32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\addeh.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\adden32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addes32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addex32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addgb32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addhy.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addil32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addjc32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addjf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addkj.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addkk.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addkq.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addlz32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addoe.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\addoo32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addpg.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addrt32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addtn32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addtx.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\adduh.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\adduv.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\adduz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addvl32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addvz.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\addwx.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\addxz32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\apiaa.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\apiaj32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\apibd.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\apici.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apide32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\apidi32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\apidq32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\apiea.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apigc.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiiz32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apijz32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\apikg32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\apild32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apinh.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apinj32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiol32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\apioy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apioz32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\apirf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apisk.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apisq32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\apisx.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apity.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apivu32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiwb32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiws.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\apixf32.dllTROJ_DLOADER.OGDeletion
successful
C:\WINDOWS\system32\apixf32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\apixy.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiym.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apiza32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\appab32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appbj.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\appbt.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\appbx32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appgq32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\appin.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appiz32.dllTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\appjn.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appjo.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appjx.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appnb.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appow32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\apprd32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appsw32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\appwb32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\appzk.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\atlbj.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\atlda.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atldg32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\atlet.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\atlhc.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\atlij32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atliz32.exeTROJ_AGENT.JIDeletion
successful
C:\WINDOWS\system32\atlmg.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\atlnk.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\atloh.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atloj.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\atlsh.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\atlsy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atltq.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\atluo.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\atluy.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atlym.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atlyt32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\atlzs32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\bylfz.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\cdgaq.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\cnapb.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\crcc32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crcm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crdo32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\creu32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\crfi.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\crgf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crhx.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crhy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crjj.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\crki32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\crkx.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\crqy32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\crrd.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\crum.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\crvn32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\cryz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\crzz32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\d3ad.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3bb.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\d3by.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3fi.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3hi32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3hu32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\d3ip.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\d3js.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\d3kf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3ld.exeTROJ_AGENT.JIDeletion
successful
C:\WINDOWS\system32\d3lf32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\d3lw.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3no32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3pq.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3pr.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\d3sh32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\d3sn.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\d3tb32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\d3un32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\d3xi32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ftfun.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\gvqfq.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\iecc.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\iecv.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ieds.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ieft.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\iegk.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\iehl.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iehy32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ieiu.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ieke.dllTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ient.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\iepy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iesu32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ievb.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ievt32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ievu32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iexm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iexn32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iezo.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\imjfs.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\ipam.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ipee32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipev32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipfa32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipiw32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipjs.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipjy.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\ipkc.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ipmb32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ipmp.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ipor.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\iprd.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ipri.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipsn.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipur32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipzm.ex_TROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ipzz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javaad32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javaar.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\javaau.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javabg32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javabi.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\javacl32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javaeg.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\javais.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javaiy32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\javakx.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\javaky32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javama.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javanu32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javaop32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\javart32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javasj32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\javasm32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\javasr.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javavg32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javavi.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\javawh.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\javazm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcad32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcax32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfccb.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mfcce32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\mfcdq32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfcea.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcei.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcfn.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mfcgx32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\mfchk32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfchm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfchv.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfcid32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\mfcii32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mfcit.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfcjr.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\mfcjr32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfckd32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcll32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mfcmf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcrh32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfctr32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcug32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfcvf.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcwy.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\mfcxb.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mfcxe32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfcxj32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\mfcyv.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mfpxy.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\msad32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\msbi32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mscy.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\msey32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\msfe32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\msnt.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\msob.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\mspi32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mspj.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mspj32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\msrf32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\msrr.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mssk.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\msuy32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\msvf32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mswo32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\msxz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\mszm32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ndasb.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\neteg32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netei32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\neter32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netex32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\netfb.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netfd32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netff32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\nethy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netic.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netij.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netjs.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netjt.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netlc.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netoz32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netpu32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\netqr32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netra32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netrd.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\nettt.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netuc.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netuh.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\netus.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netuz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\netwq.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netxk.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\netyi.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ntav32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntaz.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ntbd.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ntcb.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\ntct.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntem32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\ntfg.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ntfu.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\nthm32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntis32.exeTROJ_AGENT.JIDeletion
successful
C:\WINDOWS\system32\ntix32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ntiz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntjp.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntjv32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntmv.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntni.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\ntsj32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\nttd32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\nttt.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\ntua.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntuu32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\ntvo32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\ntzt32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\orlsx.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\rnrcs.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\sbkfu.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\sdkaw32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkbp.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\sdkcd.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkcp.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sdkeu32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkew32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkgx32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\sdkhm32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkin32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkku32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\sdkle32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdklw.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\sdkoa.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sdkpm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkrv32.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\system32\sdkug32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkuk32.ex_TROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkvi.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\sdkwg32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkwm32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sdkwy32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sdkzg.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\styiq.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\sysaj32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sysam32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysch32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\syscx32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysdb32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sysdp.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\sysds32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysid32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysie32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\sysig32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\sysim32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysiz.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\syslo.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysmm.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\sysqg.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\syssi.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\systy32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\syswa32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysxm.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\sysxs32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\sysya.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\vwsnv.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\winbu.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\wincj.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\winfe32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winim32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\winkz.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\winll32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winol32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\winrl32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\winrq.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winur.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winvg32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\winvh.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\winvn32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\system32\winvx.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\system32\winxm.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\system32\winxq.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winxu.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\winyt.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\system32\xodin.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\system32\yxogl.dllTROJ_STARTPAG.REDeletion
successful
C:\WINDOWS\adddr.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addfs32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\addhb32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\addhi32.dllTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\addjn.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addkl.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addku32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addmo32.exeTROJ_DLOADER.LZDeletion
successful
C:\WINDOWS\addqi32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addqk.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\addsm.exeTROJ_AGENT.TQDeletion
successful
C:\WINDOWS\addsz.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\addua32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS\addui32.exeTROJ_AGENT.PGDeletion
successful
C:\WINDOWS\addwf32.exeTROJ_DLOADER.HPDeletion
successful
C:\WINDOWS\addxo32.exeTROJ_DLOADER.GEDeletion
successful
C:\WINDOWS
  • 0

#4
aalya
Posted 28 May 2005 - 07:00 PM

aalya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The trojan scan found something too:

[5/28/2005 18:25:44] System Is WindowsXP (5.1 (2600.Service Pack 2, v.2096))
[5/28/2005 18:25:44] The Cleaner Professional 4.1 BUILD 4252
[5/28/2005 18:25:44] Local Path: C:\Program Files\The Cleaner\
[5/28/2005 18:25:44] System Directory: C:\WINDOWS\system32\
[5/28/2005 18:25:44] Windows Directory: C:\WINDOWS\
[5/28/2005 18:26:53] *** Loading Options ***
[5/28/2005 18:26:53] *** Begin Session ***
[5/28/2005 18:26:53] System Is WindowsXP (5.1 (2600.Service Pack 2, v.2096))
[5/28/2005 18:26:53] The Cleaner Professional 4.1 BUILD 4252
[5/28/2005 18:26:53] Local Path: C:\Program Files\The Cleaner\
[5/28/2005 18:26:53] System Directory: C:\WINDOWS\system32\
[5/28/2005 18:26:53] Windows Directory: C:\WINDOWS\
[5/28/2005 18:29:18] Load Database
[5/28/2005 18:29:18] Loading database...
[5/28/2005 18:29:19] Ready.
[5/28/2005 18:29:19] PE = 1
[5/28/2005 18:29:19] Examining drives
[5/28/2005 18:29:19] C:\
[5/28/2005 18:29:19] D:\
[5/28/2005 18:29:21] Free space on drive C:\ = 15089475584.00 (14.05GB)
[5/28/2005 18:29:27] Scanning...
[5/28/2005 18:29:27] Beginning Scan
[5/28/2005 18:29:28] Scanning active memory...
[5/28/2005 18:29:33] Active memory scan complete.
[5/28/2005 18:29:33] Estimate byte count is 14908096512
[5/28/2005 18:29:33] Scanning Drive C
[5/28/2005 19:23:15] Cleaning Agent found in c:\windows\ipgv32.exe
[5/28/2005 19:23:19] Cleaning Agent found in c:\windows\iphb32.exe
[5/28/2005 19:23:21] Cleaning Agent found in c:\windows\ipoa.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\iprl.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipto.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipur.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipxo32.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipyq.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipyw32.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipzd.exe
[5/28/2005 19:23:26] Cleaning Agent found in c:\windows\ipzg32.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javaaw32.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javael.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javaep.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javagb32.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javahk32.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javahw32.exe
[5/28/2005 19:23:27] Cleaning Agent found in c:\windows\javakb32.exe
[5/28/2005 19:23:28] Cleaning Agent found in c:\windows\javarf.exe
[5/28/2005 19:23:28] Cleaning Agent found in c:\windows\javarl.exe
[5/28/2005 19:23:28] Cleaning Agent found in c:\windows\javatn32.exe
[5/28/2005 19:23:29] Cleaning Agent found in c:\windows\mfcab32.exe
[5/28/2005 19:23:29] Cleaning Agent found in c:\windows\mfcan.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcev32.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfciq32.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfciv.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcjh.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcjs32.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcle.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcle32.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcli32.exe
[5/28/2005 19:23:30] Cleaning Agent found in c:\windows\mfcls.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcoe32.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcpv.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcqu32.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcte.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcty32.exe
[5/28/2005 19:23:31] Cleaning Agent found in c:\windows\mfcuu32.exe
[5/28/2005 19:23:32] Cleaning Agent found in c:\windows\mfcxu.exe
[5/28/2005 19:23:32] Cleaning Agent found in c:\windows\mfcyy.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\msds.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\mshe32.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\msmq.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\msnf32.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\mspn.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\msse32.exe
[5/28/2005 19:23:33] Cleaning Agent found in c:\windows\mssr.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\msti32.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\msvm.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\mswh.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\msyf.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\netbc32.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\netch.exe
[5/28/2005 19:23:34] Cleaning Agent found in c:\windows\netdy32.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\neteh.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netff.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netgh.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netkp32.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netld.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netnt.exe
[5/28/2005 19:23:35] Cleaning Agent found in c:\windows\netnu.exe
[5/28/2005 19:23:36] Cleaning Agent found in c:\windows\netpe.exe
[5/28/2005 19:23:36] Cleaning Agent found in c:\windows\netqo32.exe
[5/28/2005 19:23:36] Cleaning Agent found in c:\windows\netuc.exe
[5/28/2005 19:23:36] Cleaning Agent found in c:\windows\netvc.exe
[5/28/2005 19:23:36] Cleaning Agent found in c:\windows\netwq32.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\netwy.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\netxg.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\netxr.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\netyz32.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\ntae32.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\ntar32.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\ntas.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\ntay32.exe
[5/28/2005 19:23:37] Cleaning Agent found in c:\windows\ntbz.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntcp32.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntgl.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntgr.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntgz32.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\nthg.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntjg.exe
[5/28/2005 19:23:38] Cleaning Agent found in c:\windows\ntjr.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntkt32.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntln.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntmk32.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntrd32.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\nttg.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\nttt.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntxo.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntye.exe
[5/28/2005 19:23:39] Cleaning Agent found in c:\windows\ntyj32.exe
[5/28/2005 19:23:40] Cleaning Agent found in c:\windows\ntzx.exe
[5/28/2005 19:23:44] Cleaning Agent found in c:\windows\sdkct32.exe
[5/28/2005 19:23:44] Cleaning Agent found in c:\windows\sdkde32.exe
[5/28/2005 19:23:44] Cleaning Agent found in c:\windows\sdkem32.exe
[5/28/2005 19:23:44] Cleaning Agent found in c:\windows\sdkev32.exe
[5/28/2005 19:23:44] Cleaning Agent found in c:\windows\sdkgj.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkjk.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkld32.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdknx.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkqd.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkqs32.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkrp.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkse.exe
[5/28/2005 19:23:45] Cleaning Agent found in c:\windows\sdkto.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkvl.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkvw.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkwq32.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkxo32.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkzk.exe
[5/28/2005 19:23:46] Cleaning Agent found in c:\windows\sdkzx.exe
[5/28/2005 19:23:47] Cleaning Agent found in c:\windows\sysap.exe
[5/28/2005 19:23:47] Cleaning Agent found in c:\windows\syscb32.exe
[5/28/2005 19:23:47] Cleaning Agent found in c:\windows\syscn32.exe
[5/28/2005 19:23:47] Cleaning Agent found in c:\windows\sysew32.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\sysfp32.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\sysgq.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\sysio.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\sysjy.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\syskq.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\sysnu32.exe
[5/28/2005 19:23:48] Cleaning Agent found in c:\windows\syspy.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\syssz.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\system.ini
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\sysus32.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\sysvt.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\syswp.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\sysxh.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\sysyj.exe
[5/28/2005 19:23:49] Cleaning Agent found in c:\windows\syszc32.exe
[5/28/2005 19:23:52] Cleaning Agent found in c:\windows\winag32.exe
[5/28/2005 19:23:53] Cleaning Agent found in c:\windows\winbx32.exe
[5/28/2005 19:23:53] Cleaning Agent found in c:\windows\wincp.exe
[5/28/2005 19:23:53] Cleaning Agent found in c:\windows\wincv32.exe
[5/28/2005 19:23:53] Cleaning Agent found in c:\windows\winer32.exe
[5/28/2005 19:23:53] Cleaning Agent found in c:\windows\wingd32.exe
[5/28/2005 19:23:54] Cleaning Agent found in c:\windows\winja32.exe
[5/28/2005 19:23:54] Cleaning Agent found in c:\windows\winkl.exe
[5/28/2005 19:23:54] Cleaning Agent found in c:\windows\winkq32.exe
[5/28/2005 19:23:54] Cleaning Agent found in c:\windows\winni.exe
[5/28/2005 19:23:54] Cleaning Agent found in c:\windows\winns32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winny32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winpe32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winpr32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winqp.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winrv.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winsw32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\wintm32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winun32.exe
[5/28/2005 19:23:55] Cleaning Agent found in c:\windows\winwb32.exe
[5/28/2005 19:23:56] Cleaning Agent found in c:\windows\winwu32.exe
[5/28/2005 19:23:56] Cleaning Agent found in c:\windows\winxf.exe
[5/28/2005 19:23:56] Cleaning Agent found in c:\windows\winzo.exe
[5/28/2005 22:27:45] *** Loading Options ***
[5/28/2005 22:27:45] *** Begin Session ***
[5/28/2005 22:27:45] System Is WindowsXP (5.1 (2600.Service Pack 2, v.2096))
[5/28/2005 22:27:45] The Cleaner Professional 4.1 BUILD 4252
[5/28/2005 22:27:45] Local Path: C:\Program Files\The Cleaner\
[5/28/2005 22:27:45] System Directory: C:\WINDOWS\system32\
[5/28/2005 22:27:45] Windows Directory: C:\WINDOWS\
[5/28/2005 22:27:54] Load Database
[5/28/2005 22:27:54] Loading database...
[5/28/2005 22:27:55] Ready.
[5/28/2005 22:27:55] PE = 1
[5/28/2005 22:27:55] Examining drives
[5/28/2005 22:27:55] C:\
[5/28/2005 22:27:55] D:\
[5/28/2005 22:27:57] Free space on drive C:\ = 15105404928.00 (14.07GB)
[5/28/2005 22:28:02] Scanning...
[5/28/2005 22:28:02] Beginning Scan
[5/28/2005 22:28:02] Scanning active memory...
[5/28/2005 22:28:03] Active memory scan complete.
[5/28/2005 22:28:03] Estimate byte count is 14892154880
[5/28/2005 22:28:03] Scanning Drive C
[5/28/2005 23:13:15] Final file count: 56962
[5/28/2005 23:13:15] Final byte count: 14892154880
[5/28/2005 23:13:15] Scan Complete
[5/28/2005 23:13:15] 56962 files scanned in 45m:11s @ 27.4 files/s
[5/28/2005 23:35:25] *** Loading Options ***

Does this mean that even the corporate edition of norton antivirus is useless?

Everything seems ok now, except that Internet explorer still opens up on its own upon start up..it didnt used to do this.

Thanks again,

Aalya :tazz:
  • 0

#5
loophole
Posted 28 May 2005 - 07:58 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello Aayla

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible this line shows me its in a Temp directory
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe
It can not make backups from there which would be important if something goes wrong

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

Reboot and post a new log and tell me if this solves your problem
thanks
  • 0

#6
aalya
Posted 29 May 2005 - 08:46 AM

aalya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello,

Thanks! Its done it. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 15:40:22, on 5/29/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061305 serial=DR12WCX-1304237-CRS lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKCU\..\Run: [pClamp80Installer] D:\SETUP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


Oops, I had hijack this on the desktop....didnt know that counted at temporary.
What would you recommend for regularly checking the computer? I dont really trust just the norton antivirus anymore.

Thanks for the help,

Aalya
  • 0

#7
loophole
Posted 29 May 2005 - 11:09 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello aayla

Norton is fine as long as you keep it updated. I use norton (but dont tell anybody here that ;) ) theres always a small chance of infectios as new ones come out every day.If you wish to get a different one please read below. Its been a pleasure working with you Aalya :tazz:

Congratulations! Your system is CLEAN ;)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#8
loophole
Posted 31 May 2005 - 09:49 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP