Startsearches



#1
Ove Mjelde

I sincerely could do with some help. Startsearches have taken control over my IE and my computer has become very slow. I have tried several spam-removal programs with no success before I learned about you guys. The logfile of HijackThis follows. Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 19:21:59, on 26.05.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\Linksts.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [telenor] C:\Programfiler\Online\sad.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O12 - Plugin for .scr: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


#2
Ove Mjelde

Since yesterday I have learned that I was supposed to go through the five preliminary steps in order to solve the problem on my own if possible. I am sorry that I did not realise this. However, I have now performed the tasks listed in those five steps. I should mention that I have a problem with the Ewido scan. It keeps terminating itself after a short while. Since I still have the malware, I have installed the Windows Update SP1, as recommended. Unfortunately, my computer is still hardly working.
Please find below the most recent logfile of the HijackThis scan.
I would really appreciate any assistance you could give me. Thank you

ove

Logfile of HijackThis v1.99.1
Scan saved at 02:05:10, on 28.05.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Linksts.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\unzipped\hijackthis_199\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [telenor] C:\Programfiler\Online\sad.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O12 - Plugin for .scr: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

#3
Guest_usetobe_*

Hi Ove,

Let's see if we can get you cleaned.

You have the remnants of CWS infection by the looks of it so we will carry out the full procedure to remove it, just in case it's lurking about.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY HERE
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Set PC to show hidden files (click link if you do not know how) LINK

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Now scan with HJT and check the following entries if they are there. Some may have been removed by earlier procedures.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)


Ensure no windows open except HJT and click FIX CHECKED.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.

Now please retry Ewido. Click on the Scanner button, select drives if you have more than one and then start.

Grab a cup of coffee, sandwiches, book as this may take some time. Once the first problem is detected ensure you tick the box for all (bottom left) and allow it to continue.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread. If it fails to run try it once more as it sometimes does this.

If it still fails to run try it in normal mode.

Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Carry out another HJT scan and post the log back here, so we can sort out any remnants.

Edited by usetobe, 28 May 2005 - 04:39 AM.


#4
Ove Mjelde

Scanned at: 11:14:31 on: 29.05.2005

Hi usetobe!
I am sure glad you are out there. I have tried to follow your instructions minutely. It is quite a process as even a simple reboot seems to take forever.
I had to run Ewido in normal mode. I hope that is ok. Further I may have made a mistake with regard to the Kaspersky online scan. I deleted all listed infected files. Hence, there is no log. Do you want me to perform another scan?
Please find below all the logs which you asked for (except there is no Kaspersky log).
I am looking forward to your reply at your convenience.
regards
ove

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

(5.29.05 11:30:42) SPSeHjFix started v1.1.2
(5.29.05 11:30:42) OS: Win2000 Service Pack 4 (5.0.2195)
(5.29.05 11:30:42) Language: norsk (bokmål)
(5.29.05 11:30:42) Win-Path: C:\WINNT
(5.29.05 11:30:42) System-Path: C:\WINNT\system32
(5.29.05 11:30:42) Temp-Path: C:\DOCUME~1\ove\LOKALE~1\Temp\
(5.29.05 11:30:56) Disinfection started
(5.29.05 11:30:56) Bad-Dll(IEP): (not found)
(5.29.05 11:30:56) Bad-Dll(IEP) in BHO: (not found)
(5.29.05 11:30:56) UBF: 4 - UBB: 3 - UBR: 12
(5.29.05 11:30:56) UBF: 4 - UBB: 3 - UBR: 12
(5.29.05 11:30:56) Bad IE-pages: (none)
(5.29.05 11:30:56) Stealth-String not found
(5.29.05 11:30:56) Not infected->END

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:01:19, 29.05.2005
+ Report-Checksum: 373B364

+ Date of database: 29.05.2005
+ Version of scan engine: v3.0

+ Duration: 41 min
+ Scanned Files: 43693
+ Speed: 17.58 Files/Second
+ Infected files: 4
+ Removed files: 4
+ Files put in quarantine: 4
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\WINNT\Downloaded Program Files\on-line.exe -> Dialer.Generic -> Cleaned with backup
C:\WINNT\system32\appsys.exe -> Spyware.Delf.am -> Cleaned with backup
C:\WINNT\system32\EGCOMSERVICE_1051.dll -> Dialer.Generic -> Cleaned with backup
C:\WINNT\system32\mssys.exe -> Spyware.Delf.am -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 16:07:32, on 29.05.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Linksts.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\JGsoft\EditPadPro\EditPadPro.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [telenor] C:\Programfiler\Online\sad.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O12 - Plugin for .scr: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

#5
Guest_usetobe_*

Hi Ove,

Looking better, but we still have some work to do.

First please uninstall Microsoft AntiSpyware as it can interfere with this next part. We can install it back again once you are clean.

Next reboot PC into SAFE MODE

Scan with HJT and check the following entries;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)


Ensure no windows open except HJT and click FIX CHECKED

Make sure PC is still set to show hidden files and using windows explorer delete the following

C:\WINDOWS\system32\blank.htm

Reboot PC normally, rescan with HJT and post the log back
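The check-and-rescan step above, as an added example that is not part of the original thread and is not HijackThis's own logic: a small parser that pulls entries out of a HijackThis log, flags the two patterns among the entries selected in this post (references marked `(file missing)` or `(no file)`, and IE page settings that point at a local file), and compares two logs to confirm the fixed entries are gone on rescan. The function names and the two heuristics are assumptions for illustration; the sample logs are constructed excerpts from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R0", "O2", "O23"
    body: str  # everything after "CODE - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
SMSS_RE = re.compile(r"^([A-Z]:\\[^\\]+)\\system32\\smss\.exe$", re.IGNORECASE)
LOCAL_PATH_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)

# Constructed excerpts, copied in shape from the logs posted in this thread.
SAMPLE_BEFORE = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
"""

SAMPLE_AFTER = r"""
Running processes:
C:\WINNT\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
"""


def parse_entries(log: str) -> List[Entry]:
    """Return the 'CODE - body' entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def windows_dir(log: str) -> Optional[str]:
    """Infer the Windows directory from the smss.exe line under 'Running processes'."""
    for line in log.splitlines():
        m = SMSS_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def triage(log: str) -> List[Tuple[str, Entry]]:
    """Flag entries for a human to review (assumed heuristics, see lead-in)."""
    windir = windows_dir(log)
    findings = []
    for e in parse_entries(log):
        if ORPHAN_RE.search(e.body):
            # Registry entry whose target file HijackThis could not find.
            findings.append(("orphaned reference", e))
        elif e.code in ("R0", "R1") and " = " in e.body:
            value = e.body.split(" = ", 1)[1]
            if LOCAL_PATH_RE.match(value):
                reason = "IE page set to local file"
                # Note when the path is not under this machine's Windows directory.
                if windir and not value.lower().startswith(windir.lower() + "\\"):
                    reason += " outside " + windir
                findings.append((reason, e))
    return findings


def cleared(before: str, after: str) -> List[Entry]:
    """Entries present in the earlier log and absent from the rescan."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_BEFORE):
        print(f"[{reason}] {entry.code} - {entry.body}")
    print("cleared on rescan:", len(cleared(SAMPLE_BEFORE, SAMPLE_AFTER)))
```

A flagged line is only a candidate for review; whether to fix it remains the helper's call, as in the thread.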

#6
Ove Mjelde

Hi usetobe
Thank you for your quick response. I have followed your instructions. However, I do not seem to have a C:\windows file at all any more??? Please advice. Logfile of HJT follows. Thank you
ove


Logfile of HijackThis v1.99.1
Scan saved at 22:32:25, on 29.05.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Linksts.exe
C:\Programfiler\Real\RealPlayer\RealPlay.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [RealTray] C:\Programfiler\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [telenor] C:\Programfiler\Online\sad.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Programfiler\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .scr: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks -
Hi usetobe
I have followed your instructions. However, I do not seem to have any C:\WINDOWS file at all any longer??? so I have not been able to delete C:\WINDOWS\system32\blank.htm. Please advise. HJT log follows. Thank you for your quick response.
ove

C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by Ove Mjelde, 29 May 2005 - 02:38 PM.
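
The fix list earlier in the thread names `C:\WINDOWS\system32\blank.htm`, while every process path in the log above sits under `C:\WINNT`. The following is an added example, not part of the thread and not HijackThis code: a small triage pass that flags entries HijackThis marks `(file missing)` or `(no file)` and entries that point into a `system32` directory under a different Windows directory than the one the machine runs from. The flag names `orphaned` and `foreign-sysroot` and the use of the `smss.exe` path to infer the Windows directory are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp5206.tmp (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O9 - Extra button: Microsoft AntiSpyware helper - {DF42F9A6-6F78-4695-9578-8CEF0F87EACE} - (no file) (HKCU)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O2 - <rest of entry>"
SMSS = re.compile(r"^([A-Z]:\\[^\\]+)\\system32\\smss\.exe$", re.I)
SYS32 = re.compile(r"([A-Z]:\\[^\\]+)\\system32\\", re.I)  # parent of a system32 path

def system_root(lines):
    """Assumption of this example: smss.exe runs from <Windows directory>\\system32."""
    for line in lines:
        m = SMSS.match(line)
        if m:
            return m.group(1).upper()
    return None

def triage(log_text):
    """Return (system_root, [(section_code, flags, entry_text), ...]) for flagged entries."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    root = system_root(lines)
    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue  # header or running-process line
        code, body = m.groups()
        flags = []
        # HijackThis annotates entries whose target file is absent.
        if "(file missing)" in body or "(no file)" in body:
            flags.append("orphaned")
        # Entry points into system32 under a different Windows directory.
        if root and any(p.group(1).upper() != root for p in SYS32.finditer(body)):
            flags.append("foreign-sysroot")
        if flags:
            findings.append((code, flags, body))
    return root, findings

if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG)[1]:
        print(code, flags, body)
```

A `foreign-sysroot` flag says the file path in the entry should be checked under the machine's real Windows directory before anyone goes looking for it on disk; the registry value itself still needs review either way.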


#7
Guest_usetobe_*
  • Guest
Hi Ove,

We will try this first.

Double click on My Computer, then double click on the C drive.

Scroll down to windows and then right click windows.

Then click properties.

Is there a tick in the hidden box?

#8
Ove Mjelde

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi usetobe
I am afraid I do not have C:\WINDOWS at all. Could it be C:\WINNT on my computer? If so, there is C:\WINNT\system32. I have gone through this one and cannot find any -- \blank.htm. I have checked that there is no tick in the "hidden" box. I am sorry. I am at a loss here.
By the way, there were some strange files under C:\WINNT\system 32. They looked like something to do with [bleep]. They were called "uninstall". I tried to double click one and Norton Security came on and said this file was trying to access the internet and recommended that I block it. After that I deleted them. Was that ok?
Please advise. Thanks
ove

#9
Guest_usetobe_*
  • Guest
Hi Ove,

Of course you are 2000 and not XP. Doh!

With regard to the files you deleted, without knowing the file name, I couldn't comment; many installation files need to access the internet to install the required components. The fact that none of our scans detected them leads me to think that they were not malicious.

However, I do have good news for you from your last HJT log.

From your log, I see nothing in the way of trojans, nor any evil entities attempting to possess your computer, except for Windows but it's too late for that one. :tazz:

Congratulations, your log now appears to be clean. ;)

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article, "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

#10
Ove Mjelde

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi usetobe.
This is very good news indeed! You are the best!!
I need some time to go through your recommendations in order to prevent this from happening again. I will get back to you in a day or two, also adding a financial compensation for your excellent assistance.
My computer is still very slow in starting up and IE is also very slow in starting up.
I do not know if you have any ideas in this regard. I will certainly look into installing another browser. At this point I am not quite certain how to do this, whether it has consequences for my e-mail etc.
Thanks again.
ove

#11
Guest_usetobe_*
  • Guest
Hi Ove,

There are several things we can do to see if we can speed up your PC, if you would like further advice.

With regard to installing a new browser, I can assure you that you would still be able to do everything with a different one that you are able to do now with Internet Explorer, only more secure :tazz:

#12
Ove Mjelde

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi usetobe,
I have had a computer break-down here so I have been unable to communicate for a while. Anyway, you helped me get rid of the malware. Thanks again.
ove

#13
Guest_usetobe_*
  • Guest
Hi Ove,

Many thanks for your reply. Are your problems now resolved, or can I assist you any further?

#14
Ove Mjelde

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi usetobe,
At this stage it looks ok. I had to upgrade my computer as the Norton security package, which I have chosen, took too much of the available RAM. Thanks for your assistance. Bye for now
ove