Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

unwanted toolbars and frequent changes to homepage


  • Please log in to reply

#1
sliknick105

sliknick105

    New Member

  • Member
  • Pip
  • 7 posts
Hi I've tried a lot to get rid of this problem but I'm kind of computer retarded so hopefully you all can help me out. When i open my homepage, a blue, unremovable tool bar comes up at the bottom of the screen and a beije, unremovable toolbar comes up under the address bar. Also, my homepage is frequently changed to random websites and websites and catagories are added to my favorites. In addition to this, random icons will be added on my desktop such as "casino" and "bingo" but can easily be removed. I think this started when i clicked a link from a friends profile and i was taken to a search200 website but I'm not sure because it has been a while. I'm including my hijack this logfile in full because i dont know what information is necessary.

Logfile of HijackThis v1.99.0
Scan saved at 12:01:23 PM, on 1/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\iPod\bin\iPodManager.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
F:\Program Files\eDonkey2000\eDonkey2000.exe
F:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\WinZip\WZQKPICK.EXE
f:\progra~1\intern~1\iexplore.exe
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yhljgadae...Wpz2Yj5PFbi.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.disney.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.disney.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6D462F-65E0-A323-9381-7F487C313214} - (no file)
O2 - BHO: (no name) - {5B1A6213-129F-75F2-7C34-2FDB32E6445D} - F:\DOCUME~1\ADMINI~1\APPLIC~1\HelpThis\InterBags.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [iPodManager] F:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Second show stop coal] F:\Documents and Settings\All Users\Application Data\BrowseMfcdSecondShow\CastGram.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [bend build bits grid] F:\Documents and Settings\All Users\Application Data\Popstylebendbuild\CITYJOY.exe
O4 - HKLM\..\Run: [eDonkey2000] F:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CreateCD50] F:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RdrEach] F:\DOCUME~1\ADMINI~1\APPLIC~1\GRIDLO~1\AnteBlahSetup.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.budd...allerRaptor.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Computer, Inc - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Thanks in advance.
  • 0

Advertisements


#2
LineOFire

LineOFire

    Malware Expert

  • Retired Staff
  • 235 posts
Hello and welcome to GeeksToGo Forums. We hope you enjoy your stay here! :tazz:

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yhljgadae...Wpz2Yj5PFbi.htm
O2 - BHO: (no name) - {1F6D462F-65E0-A323-9381-7F487C313214} - (no file)
O2 - BHO: (no name) - {5B1A6213-129F-75F2-7C34-2FDB32E6445D} - F:\DOCUME~1\ADMINI~1\APPLIC~1\HelpThis\InterBags.exe
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Second show stop coal] F:\Documents and Settings\All Users\Application Data\BrowseMfcdSecondShow\CastGram.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [bend build bits grid] F:\Documents and Settings\All Users\Application Data\Popstylebendbuild\CITYJOY.exe
O4 - HKCU\..\Run: [RdrEach] F:\DOCUME~1\ADMINI~1\APPLIC~1\GRIDLO~1\AnteBlahSetup.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.budd...allerRaptor.cab

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Viewpoint Manager
WildTangent

Please delete these folders using Windows Explorer(if present):

F:\Documents and Settings\Administrator\Application Data\GRIDLO <- folder to delete starts with these letters!
F:\Documents and Settings\Administrator\Application Data\HelpThis
F:\Documents and Settings\All Users\Application Data\BrowseMfcdSecondShow
F:\Documents and Settings\All Users\Application Data\Popstylebendbuild
F:\Program Files\Viewpoint
F:\Program Files\WildTangent

Now you can restart the computer normally.
Please run HijackThis again and post a fresh log, just so I can make sure that all the malware was deleted according to plan. ;)
  • 0

#3
sliknick105

sliknick105

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
All seems to be well-- Thank you so much for your help and EASY to follow instructions... score one for the technologically retarded.
Here is the fresh log.
Logfile of HijackThis v1.99.0
Scan saved at 4:16:56 PM, on 1/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\iPod\bin\iPodManager.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
F:\Program Files\eDonkey2000\eDonkey2000.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zinlbemvu...pz2Yj5PFbi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.disney.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.disney.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [iPodManager] F:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [eDonkey2000] F:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CreateCD50] F:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Computer, Inc - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  • 0

#4
LineOFire

LineOFire

    Malware Expert

  • Retired Staff
  • 235 posts
Everything looks good on this end too. Great job! :tazz:

Here are some tips, in order to reduce the potential for future malware infections. ;)
  • Secure Internet Explorer - The most common reason that malware installs itself is that your Internet Explorer security settings are set too low.
    • Open Internet Explorer.
    • Click on the "Tools" menu and select "Internet Options...".
    • If not already selected, select the "Security" tab.
    • Click on "Internet" so that it becomes highlighted and then click "Custom Level...".
    • In the "Reset to:" drop-down menu select "Medium".
    • Click "Reset" and choose "Yes" at the prompt to reset the security settings.
    • Click "OK" to return to the Security menu.
    • Repeat the same steps for "Local intranet", "Trusted sites", "Restricted sites" with these security settings:
      • "Local intranet" - "Medium-low"
      • "Trusted sites" - "Low"
      • "Restricted sites" - "High"
    • Finally, click "Apply" and then "OK" to apply the settings that you set.
  • Windows Update - It is absolutely imperative that you stay on top of all updates to your operating system and browser. Malware authors and hackers make use of the many loopholes found in Microsoft's code. Keeping your system up to date is one of the most important steps in preventing infection.
  • Spybot - Search & Destroy - Spybot - Search & Destroy is an excellent general anti-malware tool. It has the ability to scan your system for all kinds of malware and even offers TeaTimer and SDHelper in order to provide real-time protection from malware.
  • Ad-Aware SE - Ad-Aware SE, like Spybot - Search & Destroy, is another general anti-malware solution which offers scanning. Both programs will often catch something the other cannot. It is best to use both of these wonderful programs in tandem so that you maximize the detection capabilities.
  • SpywareBlaster - SpywareBlaster offers real-time protection against malicious ActiveX controls. This will stop most of the drive-by malware installations that have been very common recently. The best part is, this program does not need to run in the background, so it uses no resources!
  • IE-SpyAd - IE-SpyAd attempts to stop malware infections by placing a huge list of known malicious sites into Internet Explorer's Restricted Sites list. If you accidentally come upon a harmful site, the Restricted Sites zone will hinder its maliciousness.
  • HOSTS - The HOSTS file is the Windows solution to malware prevention. By placing harmful sites in the HOSTS file, you are effectively denying your computer access to the site, and denying the site access to your computer.
  • Update Programs Regularly - Just as with your operating system and browser, the five aforementioned utlitlies are in need of constant updating. Malware changes everyday and is critical to be prepared at all times.
  • Get A New Browser - The recent outburst of malware that has taken the Internet and the world by storm. More and more people are realizing that Internet Explorer is a terribly insecure browser. Since then, several great browsers have been developed to dull the blow of malware. Besides offering improved security, alternate browers supply many new features. These are the browsers I currently recommend: Mozilla Firefox and Opera.
I encourage you to at least consider following some of these steps. It is important that everyone learn how to combat these evil creations.

Edited by LineOFire, 17 January 2005 - 03:27 PM.

  • 0

#5
sliknick105

sliknick105

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much. I have many of the programs you listed and will be getting the rest soon!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP