Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Hijack Log - can someone please review[RESOLVED]

Started by pors , Jun 07 2005 10:26 PM

  • This topic is locked This topic is locked

#1
pors
Posted 07 June 2005 - 10:26 PM

pors

    Member

  • Member
  • PipPip
  • 16 posts
Been having loads of problems - have had to reinstall operating system two times within the last two weeks. Still not working correctly. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:13:49 PM, on 6/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wifvwpt] C:\WINDOWS\System32\wifvwpt.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Thanks for your help.
  • 0

Advertisements

#2
JasMonkey
Posted 08 June 2005 - 12:28 AM

JasMonkey

    Member

  • Member
  • PipPipPip
  • 264 posts
Hi pors,


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#3
pors
Posted 08 June 2005 - 03:52 PM

pors

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay - I downloaded Ewido and Nailfix and here's the results:
I ran Ewido and here's the scan log:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:39:28 PM, 6/8/2005
+ Report-Checksum: 61BCCD49

+ Date of database: 6/8/2005
+ Version of scan engine: v3.0

+ Duration: 84 min
+ Scanned Files: 89238
+ Speed: 17.55 Files/Second
+ Infected files: 73
+ Removed files: 73
+ Files put in quarantine: 73
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Georgia\Cookies\georgia@46672343[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\georgia@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\georgia@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\georgia@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\georgia@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Cookies\georgia@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia\Desktop\OregonTrail-dm.exe -> Spyware.Trymedia.a -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@bannerspace[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@Bazooka-Adware-and-Spyware-Scanner[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Cookies\georgia@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\installer_MARKETING35.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\Documents and Settings\Georgia.HOME-44BVAB40ED\Local Settings\Temporary Internet Files\Content.IE5\OAA5QBT0\Setup[1].exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\2.qtdfmp -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\5.qtdfmp -> TrojanDownloader.Small.ayc -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\6.qtdfmp -> TrojanDownloader.Small.aux -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\FRV\aurareco.exe -> Spyware.BetterInternet.f -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\maxdd.game -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Owner.HOME-D2NXQ7ZRIT\Local Settings\Temp\vx2.game -> Backdoor.Agent.iw -> Cleaned with backup
C:\Program Files\Internet Explorer\sgjnnieg.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\03D56AEB-BAB7-408D-8589-280C2F\813497D1-5551-4C9C-9C7B-E9B3C1 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\03D56AEB-BAB7-408D-8589-280C2F\9861334E-D38C-439B-910C-429EEB -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3003CB57-3CA0-4034-B638-8B4D97\AB69292D-9629-4CF5-8482-A98FF8 -> Spyware.Azesearch -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3003CB57-3CA0-4034-B638-8B4D97\DE01089C-9228-4EDF-B03C-88FA33 -> Spyware.Azesearch.b -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\65A7F329-D892-4CE1-9BDD-EDD0EC\4F2E0BC0-BBC0-457A-921E-2EF0DD -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\694810B5-D29D-4A92-AE33-5C5307\77BFB99B-614A-48DF-9D7C-138D52 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\694810B5-D29D-4A92-AE33-5C5307\7D6A8F9D-EDF0-4E1E-85F1-A4B806 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\81948EFC-974D-43CF-A735-579EFE\0554B06E-CD0E-44AF-9907-9064DE -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\81948EFC-974D-43CF-A735-579EFE\995F8D03-DEF7-4AC4-BB94-DF26E9 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\829ADB8B-7FC8-4CF5-A759-4E002C\D844714C-53BD-40B9-9B48-C5C12F -> Spyware.BargainBuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\829ADB8B-7FC8-4CF5-A759-4E002C\EE2100D4-70E4-4E5B-B6E4-DA696E -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\93235C5E-3C05-4B6C-8438-5618C0\986A7523-E677-45EB-B787-733868 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\93235C5E-3C05-4B6C-8438-5618C0\BACCBF08-B986-4DE8-9B4C-AE9479 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9ECF7B5C-626D-49CD-B547-C05CA4\00F0D7F9-90D3-438A-996C-657006 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9ECF7B5C-626D-49CD-B547-C05CA4\DD9D91F2-26FA-4080-BFF5-38BBCB -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5FF8198-34FB-47DF-BF1A-7DFF17\9305CB84-F05B-405F-9DA3-9E9915 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5FF8198-34FB-47DF-BF1A-7DFF17\EC670ADE-5A13-4009-A56D-AEC567 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BC434FB4-39EC-4C46-9DFA-0DFF44\19ADFBD4-4117-4E9A-ACCE-B3AA20 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BC434FB4-39EC-4C46-9DFA-0DFF44\9BBA9EC6-1CE9-4731-B818-172880 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DC76FD55-45D7-49F3-A847-B8F378\7ABEED61-D884-4BC6-8381-DC583D -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DC76FD55-45D7-49F3-A847-B8F378\A2DB503F-2BED-4254-86D8-E5B14F -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ED582C43-E92B-4C62-A269-8AF5AA\7930B291-4EBC-450B-AB45-E935D1 -> Trojan.Pakes -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ED582C43-E92B-4C62-A269-8AF5AA\AAE64327-4026-4ED7-B802-DA2B9E -> Trojan.Pakes -> Cleaned with backup
C:\System Volume Information\_restore{14DDB7A4-A174-40C2-BAE4-B0368E6258B6}\RP10\A0000490.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{14DDB7A4-A174-40C2-BAE4-B0368E6258B6}\RP12\A0000494.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{14DDB7A4-A174-40C2-BAE4-B0368E6258B6}\RP20\A0000550.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{14DDB7A4-A174-40C2-BAE4-B0368E6258B6}\RP21\A0000598.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{14DDB7A4-A174-40C2-BAE4-B0368E6258B6}\RP21\A0000606.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\SYSTEM32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\SYSTEM32\exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\SYSTEM32\wifvwpt.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\SYSTEM32\wifvwptndw30104lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\SYSTEM32\WinStat11.dll -> Spyware.Winsta -> Cleaned with backup


::Report End

and here's the new Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 4:40:07 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe


How does it look? Also, any recommendations on what I should have on my system to keep it clean? Thank you.
  • 0

#4
JasMonkey
Posted 08 June 2005 - 04:12 PM

JasMonkey

    Member

  • Member
  • PipPipPip
  • 264 posts
Hi Pors,

First,
Please download "Del Domain" from here

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded. Now right click "Deldomains.inf" and click "Install". It will not appear to have done anything, thats ok.


Second,
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put a check in the boxes, only next to these following items, then click fix checked.


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#5
pors
Posted 08 June 2005 - 04:31 PM

pors

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay, did the above and here's the latest Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:27:03 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Am I good to go? Thanks for all your help.
  • 0

#6
JasMonkey
Posted 08 June 2005 - 04:47 PM

JasMonkey

    Member

  • Member
  • PipPipPip
  • 264 posts
Hi pors,

How is your computer running now??

Please clean out your restore points, here is how to do that:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Congratulations! Your system is CLEAN :tazz:

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#7
pors
Posted 08 June 2005 - 05:53 PM

pors

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you very much for all your help. My computer seems to be running very smoothly and quickly now. I have taken your advice and downloaded lots of prevention for my computer so hopefully I will not have this problem again. :tazz:
  • 0

#8
JasMonkey
Posted 08 June 2005 - 05:57 PM

JasMonkey

    Member

  • Member
  • PipPipPip
  • 264 posts
You're Welcome, glad to help. :tazz:
  • 0

#9
JasMonkey
Posted 08 June 2005 - 05:58 PM

JasMonkey

    Member

  • Member
  • PipPipPip
  • 264 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP