more spyware stuff :( [RESOLVED]


  • This topic is locked

#1
zoloft

    Member

  • 55 posts
yea...you guys helped me out before so i thank you guys again
but the spyware got to me again....such as aurora. Here's the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 8:29:22 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gary\Desktop\POPUPS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netian.com
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.netian.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {494E48CF-30BE-4B8C-8157-136ADE419966} (MemberTree5.CokeApp) - http://www.kissporta.../MemberTree.CAB
O16 - DPF: {58D72A60-6695-4952-97DC-2464E958E3C7} (KTree Control) - http://www.kissporta...rol/apptree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1072944298638
O16 - DPF: {6FC8738C-1723-4990-BD6E-5633AD3BC6E8} - http://down.c-zero.c...1/CZInstall.CAB
O16 - DPF: {98489242-50AA-4297-8EB9-9EC58BDE8C0E} (NamoWeCtl 5.0 for lgchem_Notes_Maum) - http://www.kissporta...amo/NamoWec.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C4B1A999-DE7F-4717-9456-6958458B65FD} (BellWaveMailTree23.CokeApp) - http://www.kissporta...aveMailTree.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F340450F-B4E4-47D2-91EE-A9B28B6C734B} (BellWaveEmpTree9.CokeEmp) - http://www.kissporta...WaveEmpTree.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{46BAA3FD-D53B-4FCC-AB3B-AA1CEFC1272E}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0



#2
John McKenna

    Visiting Staff

  • 230 posts
Hi Zoloft and welcome back to Geeks. :tazz:


I'm not seeing Aurora but you do have an Rbot worm.

See here: http://www.trendmicr...BOT.BRQ&VSect=P



Step 1

Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.

Download and install System Security Suite.


Step 2

Run HJT again and checkmark the boxes next to the following:-

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked


Step 3

Reboot into Safe Mode and use Windows Explorer to locate and delete this file in bold:

C:\Windows\System32\windir32.exe


Step 4

Close ALL other windows and open System Security Suite.
  • On the Items to Clear tab select Cookies & Temporary Files under Internet Explorer.
  • Select Temporary Files & Recycle Bin under My Computer.
  • Press the Clear Selected Items button.
  • Restart the machine when prompted.

Step 5

Then run the following online virus scan with Internet Explorer (saving the scan report when complete):

Panda ActiveScan
  • Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.
  • Enter your details in the required fields.
  • Then click the big Scan Now button.
  • Allow the Active X component to install and download the necessary files. (Note: It may take a couple of minutes)
  • When the download is complete, click on Local Disks to start the scan.
  • Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Step 6

Then post a fresh HJT log with the online scan results please. :)


Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via the My Controls link above.
  • Keep ALL future replies in this thread please.

  • 0

#3
zoloft

    Member

  • Topic Starter
  • 55 posts
thanks a lot this is the virus scan log

Incident Status Location

Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[awpmgmts.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[azau0cf9ef2.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[d6j02g1mg6.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[dtmodemx.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[fp6003jme.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[fpr0039me.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[g2jo0c13ef.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[g6402ghmg64a2.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[i6jqlg1516.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[irl2l53o1.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[l2j80c1uef.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[lv2809fue.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[miir3jp.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[mmltus40.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[mpgsys.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[mwxex.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[mximsg.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[okmanage.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[ozbcp32r.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[p08qlal51dq.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[q6860glse6q60.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[q8860ilse8q60.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[r6p80g7ue6.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Gary\Desktop\POPUPS\l2mfix\backup.zip[srbrccsp.dll]
Adware:Adware/Imibar Not disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FA778513-1093-4984-8C46-88A408\0224FD81-E0CC-4F6F-ADF1-55F2AC
Adware:Adware/eZula Not disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FA778513-1093-4984-8C46-88A408\3948E506-3EDD-42AD-AAD2-7FF073
Adware:Adware/eZula Not disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FA778513-1093-4984-8C46-88A408\396F4437-4FCE-44C5-B413-419A57
Adware:Adware/eZula Not disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FA778513-1093-4984-8C46-88A408\6808347A-1622-4FFC-9317-4BC4E0
Adware:Adware/BroadcastPC Not disinfected C:\Program Files\tvs\tvs_clean.exe


and here is the hj this log

Logfile of HijackThis v1.99.1
Scan saved at 12:30:58 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gary\Desktop\POPUPS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netian.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.netian.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {494E48CF-30BE-4B8C-8157-136ADE419966} (MemberTree5.CokeApp) - http://www.kissporta.../MemberTree.CAB
O16 - DPF: {58D72A60-6695-4952-97DC-2464E958E3C7} (KTree Control) - http://www.kissporta...rol/apptree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1072944298638
O16 - DPF: {6FC8738C-1723-4990-BD6E-5633AD3BC6E8} - http://down.c-zero.c...1/CZInstall.CAB
O16 - DPF: {98489242-50AA-4297-8EB9-9EC58BDE8C0E} (NamoWeCtl 5.0 for lgchem_Notes_Maum) - http://www.kissporta...amo/NamoWec.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C4B1A999-DE7F-4717-9456-6958458B65FD} (BellWaveMailTree23.CokeApp) - http://www.kissporta...aveMailTree.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F340450F-B4E4-47D2-91EE-A9B28B6C734B} (BellWaveEmpTree9.CokeEmp) - http://www.kissporta...WaveEmpTree.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{46BAA3FD-D53B-4FCC-AB3B-AA1CEFC1272E}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Edited by zoloft, 02 December 2005 - 11:31 PM.

  • 0

#4
John McKenna

    Visiting Staff

  • 230 posts
Your HijackThis log is clean now. :tazz:

How's the machine running now?
  • 0
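
As an added example (not part of the original posts and not a HijackThis feature), the triage in Step 2 and the "log is clean" check can be reproduced by parsing the O4 autorun lines of both logs. The two heuristics used, a command with no directory component and the same command registered under two or more run keys, are assumptions chosen to fit this log; they rank entries for review and are not a verdict.

```python
import re
from collections import defaultdict

# O4 (autorun) lines excerpted from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
"""

# Registry autoruns only; "O4 - Global Startup:" shortcut lines use a
# different layout and are skipped by this pattern.
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$")


def parse_o4(log):
    """Return (run_key, value_name, command) for each registry autorun line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def flag_for_review(entries):
    """Map command -> run keys, for commands that have no directory component
    and are registered under two or more run keys (assumed heuristics)."""
    keys_by_cmd = defaultdict(set)
    for key, _name, cmd in entries:
        if "\\" not in cmd:
            keys_by_cmd[cmd.lower()].add(key)
    return {c: sorted(k) for c, k in keys_by_cmd.items() if len(k) >= 2}


def removed_entries(before, after):
    """Entries listed in the first log that the second log no longer has."""
    return [e for e in before if e not in after]


def still_present(flagged, entries_after):
    """Flagged commands that a later log still lists (empty means fixed)."""
    after_cmds = {cmd.lower() for _key, _name, cmd in entries_after}
    return sorted(cmd for cmd in flagged if cmd in after_cmds)


if __name__ == "__main__":
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    flagged = flag_for_review(before)
    for cmd, keys in flagged.items():
        print(f"review: {cmd} registered under {', '.join(keys)}")
    print("removed by the fix:", len(removed_entries(before, after)), "entries")
    print("still present:", still_present(flagged, after) or "none")
```

SOUNDMAN.EXE also has no path in its Run entry but appears under a single key, so only windir32.exe is flagged.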

#5
zoloft

    Member

  • Topic Starter
  • 55 posts
its fine thanks a lot :tazz: i love you guys hahaha
seriously thanks again :)
  • 0

#6
John McKenna

    Visiting Staff

  • 230 posts
Glad to hear it. :)

Everything appears to be in order so I guess we can wrap things up for the time being.

Let me know if the problems return.

Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.

Disable and Re-enable System Restore to Flush Infected Restore Points

If you are using Windows ME or XP, you should disable and re-enable system restore to make sure there are no infected files found in your restore points.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

or

Managing Windows Millenium System Restore

Re-enable System Restore with instructions from the tutorial above and create a new Restore point.


Block Access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.


Clean out ALL Temp Files

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start > Run, and type %temp% and press ok.

This should open up the temp directory that your machine uses. Please delete all files in this directory. If you get an error when deleting a file, skip that file and delete the rest. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the 'Delete Files' button and put a checkmark in 'Delete Offline Content'. Then press the OK button. This may take quite a while!

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet



Safe Surfing

JM :tazz:
  • 0

#7
John McKenna

    Visiting Staff

  • 230 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





