PSGuard [RESOLVED]



#1
zzshupinga

zzshupinga

    Member

  • Member
  • PipPip
  • 15 posts
While waiting for someone to get to mine, I took a look at the other posts in the forum with people that seemed to have similar problems as I did. So I followed some of those steps, running HijackThis and making a few changes, running (among a couple of others) AdAware, Spybot, Spyware Doctor, FSecure, Ewido, and CCleaner and I think that I've finally gotten rid of it. The computer seems to be running a bit slower, but I'm guessing that's because of something I may have done, but no worse for the wear. So if someone could check this out for me and make sure it's finally gone and that nothing is screwed up too badly it would be much appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:28:58 AM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\4476822\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\Sashas Comp\Desktop\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents

and Settings\Sashas Comp\Application Data\Mozilla\Profiles\default\ahlr8s1e.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security

Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security

Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security

Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program

Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner -

C:\PROGRA~1\CHARTE~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter

High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security

Suite\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program

Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security

Suite\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
  • 0

#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sorry about the multiple posts. I had some trouble installing the pack so I'm not sure it installed all the way and it won't uninstall. But here's the new HijackThis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:59:28 AM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\4476822\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Documents and Settings\Sashas Comp\Desktop\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents

and Settings\Sashas Comp\Application Data\Mozilla\Profiles\default\ahlr8s1e.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security

Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security

Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security

Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program

Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner -

C:\PROGRA~1\CHARTE~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter

High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security

Suite\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program

Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security

Suite\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I still can't seem to get the service pack installed :tazz:
It starts up and comes up with a message about update.inf (?) something being wrong with it and to check and make sure cryptographic service is working right. Any advice?
  • 0

#5
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Actually you got the Sp1a, don't try to uninstall it/install it again. For now, can you run a fresh HiJackThis scan and post the log, BUT this time make sure WordWrap is NOT selected in Notepad. It's easier to read your log that way.
  • 0
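The word-wrap problem raised above can also be undone after the fact. The following is an added example, not part of any post in this thread: it rejoins wrapped HijackThis entry lines and lists entries whose target file HijackThis reported as absent. The function names are hypothetical, the sample lines are copied from the wrapped log posted earlier in the thread, and the input is assumed to contain only the log text.

```python
import re

# HijackThis entries start with a section code such as "O4 - " or "N4 - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Section codes that appear in this thread's logs.
SECTIONS = {
    "N4": "Mozilla start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# Sample taken from the wrapped log in this thread: Notepad's word wrap split
# entries at a space, and blank lines ended up between the pieces.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
"""


def unwrap_entries(text):
    """Return one string per log entry, with wrapped continuations rejoined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines between wrapped pieces carry no data
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # Word wrap breaks at a space, so rejoin with a single space.
            entries[-1] = entries[-1] + " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def parse_entry(line):
    """Split a rejoined entry into its section code, body and orphan flag."""
    code, body = ENTRY_RE.match(line).groups()
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "body": body,
        "orphan": any(marker in body for marker in ORPHAN_MARKERS),
    }


def orphaned(text):
    """Entries that still exist in the registry but point at no file."""
    return [e for e in map(parse_entry, unwrap_entries(text)) if e["orphan"]]


if __name__ == "__main__":
    for entry in orphaned(SAMPLE_LOG):
        print(entry["code"], "|", entry["section"], "|", entry["body"])
```

Entries flagged this way are leftovers of software that is no longer on disk, which makes them candidates for a helper to review rather than proof of infection.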

#6
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's a fresh hijack log and thanks for the help

Logfile of HijackThis v1.99.1
Scan saved at 1:48:15 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\4476822\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sashas Comp\Desktop\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Sashas Comp\Application Data\Mozilla\Profiles\default\ahlr8s1e.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\CHARTE~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#7
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Your log's looking fine. Any particular problems or did you just want to check?

If you indeed have any problems, can you run this online scan and post the results;
Panda Activescan

- Rawe :tazz:
  • 0

#8
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I had PSGuard that I was having trouble getting rid of as well as some other things that I was having trouble with. And I finally got rid of it and just wanted to check and make sure that it was gone. It seems to be running slow right now and I'm not sure why, but I'm glad everything else looks all right.
  • 0

#9
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok, well I can give you a bunch of suggestions on how to make your PC work faster. :tazz:
Can you do the following first;
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post

  • 0

#10
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I can't seem to get panda open at the moment. It keeps freezing. But I had opened it before and it said that there was nothing. Here's the list:
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop Album 2.0 Starter Edition
AOL Instant Messenger
BCM V.92 56K Modem
BellSouth FastAccess DSL WEB Controls
CCleaner (remove only)
Dell | Support
Direct Connect 1.0 Preview Build 9
DocuCount 97
Easy CD Creator 5 Basic
Free Solitaire
F-Secure Anti-Virus 2005
GearPlayer
Google Desktop Search
HijackThis 1.99.1
hp instant support
hp officejet k series
Kazaa Media Desktop 2.0
Kazaa Media Desktop 2.0.2
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft Office Professional
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MUSICMATCH Jukebox
Netscape (7.2)
Netscape Browser (remove only)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Update Q330994
Picasa 2
Realtek RTL8139 Diagnostics Program
Shockwave
Snood for Windows version 3.01-W
Snowy Scenes Screen Saver
Sound Blaster Live! Value
Spyware Doctor 3.2
StuffIt Standard Edition 7.5
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
  • 0

#11
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok, firstly. Viewpoint Manager should be uninstalled. Go to Add/Remove programs, uninstall Viewpoint Manager, then delete this folder; C:\Program Files\Viewpoint Manager

Second, uninstall your current version of Netscape. Uninstall the program, delete the folder. Get the latest Netscape here;
http://browser.netscape.com/ns8/

Install it.

I suggest you uninstall CCleaner first, then delete the folder.

Empty your recycle bin.

Download
CleanUp

Run the CleanUp! installer and launch the program. Run CleanUp but don't reboot yet.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. ;) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Visit;
http://www.windowsupdate.com to get Service Pack 2 which is a critical update to get.. It'll increase your protection. Apply it - reboot. After that, apply ANY available critical updates. Reboot.

Take a read here about P2P programs, I noticed you have Kazaa Media Desktop;
http://www.spywarein...m/articles/p2p/

Here's some tips for future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Install some of the prevention software above..

- Rawe :tazz:

Let me know how it goes.

You might also want to do this step, if it still feels slow;

Download and install EasyCleaner:
http://personal.inet...rts/ecleane.htm

After installing it check under Settings > Registry tab if the backup
option is checked and if the directory it points to exists.
This should be true by default, but check anyway.

Then click OK and click Registry
Then click Search. When it is done select all the items per color,
(most, if not all should be green) and click Remove.

And reboot.

  • 0

#12
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It works a whole lot faster now. Thanks. I do have one more bit of trouble. When I'm running Spybot it comes up with these same seven registry changes from Smitfraud-C and I can't quite seem to get rid of them. All of the other scans are coming up clean.
This is what it comes up with. Any suggestions on how to get rid of it (I'm guessing it's spyware because it did delete some of the stuff from this heading earlier. It just won't do anything with this)? Thanks in advance.


Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=4

Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1774555873-3238835185-1224598246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-07-29 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-07-29 Includes\Malware.sbi (*)
2005-07-22 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-07-29 Includes\Security.sbi (*)
2005-07-29 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-07-29 Includes\Trojans.sbi (*)
  • 0

#13
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok.. Firstly, is your SpyBot fully updated?
What version is it?

SpyBot S&D 1.4 is currently the latest one..
  • 0

#14
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Just downloaded it today from the link in the previous post. So it should be 1.4 and fully updated. And it just finished checking it.

Edited by zzshupinga, 03 August 2005 - 02:33 PM.

  • 0

#15
zzshupinga

zzshupinga

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I need emergency help!!!
You helped me with my mom's computer throughout today, now I'm having serious trouble with mine. I ran the Cleanup program and all of a sudden nothing is working right on my computer. I can't see the start button, some of the programs aren't working. What did I do wrong??? :tazz: ;) :)


It will open HijackThis, but won't run the log!!! Please, please help!!!!!!!!!
  • 0





