Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bloodhound removal


  • Please log in to reply

#1
saggitarius50

saggitarius50

    New Member

  • Member
  • Pip
  • 3 posts
Ah, i'm another victim of bloodhound. While trying to install your scan thing so you guys could check out my processes, I was told by my computer that my security settings are too high to download the file. I tried fooling around with the internet security in the internet options but nothing is working. I already checked out some of the other posts about the people and their problems with the bloodhound virus. I have norton anti virus and also i already have the service pack 1, but i really need to get the scan thing downloaded so i can send my processes to you guys. Any help is amazingly appreciated, i have alot of things that need to be done for school via my computer, and this virus is making everything soooooo slow. Anyways, thanks alot.
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Try this, on the IE toolbar, click Tools -> Internet Options, select the Advanced tab, click the Restore Defaults button.
  • 0

#3
saggitarius50

saggitarius50

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Yeah, it works now thanks alot. Here ya go.
Logfile of HijackThis v1.98.2
Scan saved at 5:11:10 PM, on 12/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Efficient Networks\Tango Manager\app\TangoService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spoolvsc.exe
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\System32\svcshost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ntguard32.exe
C:\WINDOWS\System32\btludwvoc.exe
C:\WINDOWS\System32\slserv32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\WINDOWS\cossarlb.exe
C:\PROGRA~1\EFFICI~1\TANGOM~2\app\TangoManager.exe
C:\program files\180solutions\sais.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\svphost.exe
C:\WINDOWS\System32\windupdts.exe
C:\WINDOWS\System32\systcfm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Power Scan\powerscan.exe
C:\WINDOWS\lmt.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\system32\svphost.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\Hijackthis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotf...count_id=155478
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotf...count_id=155478
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.co...count_id=155478
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotf...count_id=155478
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alltel.ne...wuser/benefits/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.ne...wuser/benefits/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\EFFICI~1\TANGOM~2\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] btludwvoc.exe
O4 - HKLM\..\Run: [Win32 Secure Updates] spoolvsc.exe
O4 - HKLM\..\Run: [Windows service] slserv32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [VxuOG] C:\WINDOWS\cossarlb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [lmt] C:\WINDOWS\lmt.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\Run: [Start Upping] windupdts.exe
O4 - HKLM\..\Run: [System32 CF Manager] systcfm.exe
O4 - HKLM\..\RunServices: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] btludwvoc.exe
O4 - HKLM\..\RunServices: [Win32 Secure Updates] spoolvsc.exe
O4 - HKLM\..\RunServices: [Windows service] slserv32.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Start Upping] windupdts.exe
O4 - HKLM\..\RunServices: [System32 CF Manager] systcfm.exe
O4 - HKLM\..\RunOnce: [Win32 Secure Updates] spoolvsc.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] btludwvoc.exe
O4 - HKCU\..\Run: [Win32 Secure Updates] spoolvsc.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\RunOnce: [Win32 Secure Updates] spoolvsc.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102458665546
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F1ADE49-8EEF-440A-8F7E-9DF73417500D}: NameServer = 166.102.165.11 166.102.165.13
  • 0

#4
saggitarius50

saggitarius50

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Did i do it right? And is there anything you guys can do to fix it? I would be extremely grateful for any suggestions on fixing this because i have many papers coming up due and id like to get a jump on them. Thanks alot.
  • 0

#5
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Ok, looks like you have a little cleaning up do to for us to make this go smoothly.

Go to control panel, add/remove programs and uninstall any or all of the following:

TV Media
Windows Adcontrol
NewDotNet (new.net)
WebRebates
WhenU
180 Solutions
myway
mysearch
mywebsearch
viewpoint manager
viewpoint
wild tangent
weatherbug
gain
gator
gmt
wintools
any searchbar/toolbar besides google

Reboot:

You have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox): Needs to be run with Internet Explorer.
http://housecall.antivirus.com/

And a free trojan scan here: (you will have to download the 30 day trial of "The Cleaner" here)
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.

Also I have a question. Do you know what "Tango Manager" is by Efficient Networks?

Very Important: Please go here and install this microsoft windows update:
http://www.microsoft...&displaylang=en

-=jonnyrotten=- biggrin.gif
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP