Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malicious Software detected on my PC-resolved


  • This topic is locked This topic is locked

#1
suman_m

suman_m

    New Member

  • Member
  • Pip
  • 6 posts
I try to loginto my office network from home using RAS but always fail to do so because the Malware scan run during login detects Malicious software. The log file indicates that it is to do with iexplore.exe and explorer.exe

I have tried to get rid of malware by followng the suggested steps:
-show hidden and system files
-removing temp anmd internet files
-disabling non-microsoft services
-booting into safe mode with networking
-Running adware, cwshredder, sybbot and ViruScan

But still not all malware is removed, and the ones that are removed, reappear again. I noticed that I always have a blue tool bar at the bottom of Internet explorer with words Casino, mortgage, Travel, Music etc

Anyway, I have just run HiJackThis. The contents of the log is pasted below. Please advise what to do next. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 20:32:03, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Citianywhere\CAPing.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPMon32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\Palm\HOTSYNC.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Shared Folder\HijackThis.exe

Edited by coachwife6, 22 August 2005 - 10:39 PM.

  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Sorry you were missed the first go-round. :)

Can you run hijack this again and post a new log in this thread? Please include the entire contents of the log. The bottom half is missing. :tazz:
  • 0

#3
suman_m

suman_m

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have rerun HiJackThis again. Here is the contents of the log. Cheers.

Logfile of HijackThis v1.99.1
Scan saved at 21:36:23, on 18/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Citianywhere\CAPing.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPMon32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe
C:\My Shared Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oluhokwzn...KkUS3Z/GyIu.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O1 - Hosts: 66.159.20.51 astalavista.box.sk
O2 - BHO: (no name) - {9C0AC681-88FE-C2A7-C0EB-8890385FEFFF} - C:\DOCUME~1\Rumana\APPLIC~1\DartEnc\EachCamp.exe (file missing)
O2 - BHO: (no name) - {C7C93327-1520-C6FF-96D2-9376FC8A7733} - C:\DOCUME~1\Arman\APPLIC~1\DartEnc\FLAP CASH.exe
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CAPing] C:\Program Files\Common Files\Citianywhere\CAPing.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Amen Noun Great Four] C:\Documents and Settings\All Users\Application Data\Mapi Sign Amen Noun\KEEPBIAS.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Proxy name default tray] C:\Documents and Settings\All Users\Application Data\Exit Dead Proxy Name\Ace Platform.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] C:\SSBRLA\Insight\ArUpld32.exe
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] C:\SSBRLA\Insight\ArMon32a.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Safeworld] C:\Program Files\Safeworld Software\Safeworld\Freedom.exe
O4 - HKCU\..\Run: [SaveStart] C:\DOCUME~1\Arman\APPLIC~1\STOPME~1\softwareonelove.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://dbrasweb.db.com
O15 - Trusted Zone: *.db.com
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1...db.com,CT=java
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dbrasweb-hh1...db.com,CT=java
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://dbrasweb-hh1...oterisSetup.cab
O16 - DPF: {5EA3D7B3-2612-4335-8459-2B519477C054} (Motivus ERA LiveEdit ActiveX) - https://dbrasweb-wh1...om,SSL,CT=java
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098654799265
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instants...erxsigned33.cab
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.jambalala.com/movies2.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F873BA2-5246-4B08-ADA4-3D45918D7FEA}: NameServer = 194.72.9.44 194.74.65.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F873BA2-5246-4B08-ADA4-3D45918D7FEA}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Visual IP InSight Client (CitiGroup-WWDS) (InverseLaunchIPI_CitiGroup:WWDS) - Unknown owner - C:\ssbrla\insight\LaunchIPI.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Is this your ISP?

role: BTnet Support
address: 154 St Albans Rd
address: Sandridge
address: St Albans
address: Hertfordshire
address: AL4 9NH
address: GB
  • 0

#5
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please download spyware blaster

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.

Update it and install it. It runs constantly in the background.

Please download CleanUp! - Download - HomePage
Install and run.

Don't run it yet.

There are quite a few programs available that offer protection features to help keep a computer from getting infected. While this is normally a helpful feature, it can keep a victim from making the changes necessary to clean their comptuer. Please read the following and uninstall or disable those that apply to your machine.

These programs need to be uninstalled

AdWatch


These programs can just be disabled

Microsoft Antispyware
TeaTimer
SpySweeper
Win Patrol
Spyware Guard
PSGuard
Pestpatrol
Regrun
Diamonds Process controller



You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oluhokwzn...KkUS3Z/GyIu.htm

O1 - Hosts: 66.159.20.51 astalavista.box.sk

O2 - BHO: (no name) - {9C0AC681-88FE-C2A7-C0EB-8890385FEFFF} - C:\DOCUME~1\Rumana\APPLIC~1\DartEnc\EachCamp.exe (file missing)
O2 - BHO: (no name) - {C7C93327-1520-C6FF-96D2-9376FC8A7733} - C:\DOCUME~1\Arman\APPLIC~1\DartEnc\FLAP CASH.exe

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\Run: [CAPing] C:\Program Files\Common Files\Citianywhere\CAPing.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Citianywhere\CA\IPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [Amen Noun Great Four] C:\Documents and Settings\All Users\Application Data\Mapi Sign Amen Noun\KEEPBIAS.exe
O4 - HKLM\..\Run: [Proxy name default tray] C:\Documents and Settings\All Users\Application Data\Exit Dead Proxy Name\Ace Platform.exe
O4 - HKCU\..\Run: [SaveStart] C:\DOCUME~1\Arman\APPLIC~1\STOPME~1\softwareonelove.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE<<resource hog

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - Trusted Zone: http://dbrasweb.db.com
O15 - Trusted Zone: *.db.com

O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1...db.com,CT=java
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://dbrasweb-hh1...db.com,CT=java
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://dbrasweb-hh1...oterisSetup.cab
O16 - DPF: {5EA3D7B3-2612-4335-8459-2B519477C054} (Motivus ERA LiveEdit ActiveX) - https://dbrasweb-wh1...om,SSL,CT=java
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098654799265
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instants...erxsigned33.cab
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.jambalala.com/movies2.exe
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\DOCUME~1\Arman\APPLIC~1\DartEnc\<<entire folder
C:\Program Files\Citianywhere\<<entire folder
C:\Documents and Settings\All Users\Application Data\Mapi Sign Amen Noun\<<entire folder
C:\Documents and Settings\All Users\Application Data\Exit Dead Proxy Name<<entire folder
C:\DOCUME~1\Arman\APPLIC~1\STOPME~1<<entire folder


Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

Reboot and post a new hijack this log and leg me know how it's running. :tazz:
  • 0

#6
suman_m

suman_m

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks very much for you help. My PC work much better now, with no ads appearing so far. Also I can login to my office network using RAS, with Malicious software detected when I login.

I believe that BTnet Support is my ISP since I use BT Yahoo broadband.

I could not uninstall or disable the programs that you suggested since I could not find them when I use Add/Remove programs via control panel or msconfig (startup / services tab). Please advise.

AdWatch
Microsoft Antispyware
TeaTimer
SpySweeper
Win Patrol
Spyware Guard
PSGuard
Pestpatrol
Regrun
Diamonds Process controller

Here is my hijack log. I believe all the items that you suggested have been fixed, Please note that there is still the entry below since I require this applet when logging into my office network.
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1...db.com,CT=java

Thanks again, Suman

Logfile of HijackThis v1.99.1
Scan saved at 13:49:31, on 21/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\RunServices: [AccessRampLAN 01] C:\SSBRLA\Insight\ArUpld32.exe
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] C:\SSBRLA\Insight\ArMon32a.exe
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Safeworld] C:\Program Files\Safeworld Software\Safeworld\Freedom.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://dbrasweb-hh1...db.com,CT=java
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F873BA2-5246-4B08-ADA4-3D45918D7FEA}: NameServer = 194.72.9.44 194.74.65.86
O23 - Service: Visual IP InSight Client (CitiGroup-WWDS) (InverseLaunchIPI_CitiGroup:WWDS) - Unknown owner - C:\ssbrla\insight\LaunchIPI.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  • 0

#7
suman_m

suman_m

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry in my first sentence below I meant to say
"... with NO Malicious software detected when I login."
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
It looks good. Is it still running well?
  • 0

#9
suman_m

suman_m

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes it is running fine.

Thanks again, you are a star
  • 0

#10
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Glad we could help. This topic is now closed. If it needs to be reopened, please PM a staff member

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP