The list includes:
norton antivirus recognising : bloodhound.packed, downloader trojan, w32.spybot.worm, IRC Trojan, trojan dropper, hacktool and backdoor, irc, ratsou.d
I believe these are mostly gone now as i used to have popup windows reminding me of them but they dont appera now.
I've also got the SAHagent golden retriever thing, search miracle popups, a serach bar on the side of my IE and a program called prjMensagem that runs on start up.
In add/remove programs i have these unfamiliar programs : adstatus service, elitebar, golden retriever and ISTsvc.
in my hard drive i have three suspicious files : asdf.txt, log, txt and ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf
I have run spybot, adaware and still loads of the programs exist.
I would like some advice on what programs to help protect me.
I installed spyware blaster but only after the viruses. I've set all the proper settings for spyware blaster so will this protect me in the future? Any other programs you could recommend? I have my WSP2 firewall on as well.
for some reason when i go to windows update the page dosn't work and all i get is a blank screen. ?? Also in your guide i checked the adaware option "move deleted files to the recycle bin" and now theres some files in there that can't be deleted.
so anyway here is my hijack this log
thanks for any help you can give.
Logfile of HijackThis v1.98.2
Scan saved at 11:10:41, on 14/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\mipdp.exe
C:\WINDOWS\newpop63.exe
C:\WINDOWS\msnmsgq.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\svchst.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctlmcoin_0_v9.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [1F9L4i] C:\WINDOWS\mipdp.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteuzf32.exe
O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop63.exe
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [Windows Compliant] gvnlcb.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmedplay.exe
O4 - HKLM\..\Run: [sF6Q3se] diabvm50.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [-
] C:\WINDOWS\mipdp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Windows Compliant] gvnlcb.exe
O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmedplay.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [Windows Compliant] gvnlcb.exe
O4 - HKCU\..\Run: [dop4RiKFh] ctlmcoin_0_v9.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/...ne/ringtone.exe
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/d...ionale_ver4.CAB