
Help me! [RESOLVED]


  • This topic is locked

#16
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
A. Please update your Panda definitions. If you don't, Panda will refuse to let you use this fix.


B. 1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.


Regards,

Trevuren

  • 0



#17
Fl4m3


    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ewido Text Report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:09:59 PM, 3/29/2006
+ Report-Checksum: 35827160

+ Scan result:

:mozilla.60:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Daniel Zhang\Application Data\Mozilla\Firefox\Profiles\nv0de0ir.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Cookies\daniel zhang@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Local Settings\Temp\nsiB.tmp -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Local Settings\Temp\nsk15.tmp -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Daniel Zhang\Local Settings\Temp\nst10.tmp -> Downloader.IstBar : Cleaned with backup


::Report End



HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:22:09 PM, on 3/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

Edited by Fl4m3, 29 March 2006 - 07:22 PM.

  • 0
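
Added example, not part of the original thread: a Python parser for an ewido report in the layout posted above, which separates tracking-cookie noise from the detections that need attention. The sample report is constructed (placeholder user name and profile), and treating any action that does not start with "Cleaned" as unresolved is an assumption, since "Cleaned with backup" is the only action the thread shows.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample in the layout of the report above; names are placeholders.
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:09:59 PM, 3/29/2006

+ Scan result:

:mozilla.60:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\nsiB.tmp -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\nsk15.tmp -> Downloader.IstBar : Cleaned with backup

::Report End
"""


class Finding(NamedTuple):
    store: Optional[str]  # e.g. "mozilla.60" for an entry inside cookies.txt, else None
    path: str
    detection: str        # e.g. "Downloader.IstBar"
    action: str           # e.g. "Cleaned with backup"


# Result line: [":<store>:"]<path> -> <detection> : <action>
LINE_RE = re.compile(
    r"^(?::(?P<store>[^:]+):)?(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)


def parse_report(text):
    """Return one Finding per result line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(
                Finding(m["store"], m["path"], m["detection"], m["action"].strip())
            )
    return findings


def triage(findings):
    """Count tracking cookies and group every other detection by name."""
    cookie_count = 0
    threats = defaultdict(list)
    unresolved = []
    for f in findings:
        family = f.detection.split(".", 1)[0]
        if family == "TrackingCookie":
            cookie_count += 1          # privacy noise, not executable code
        else:
            threats[f.detection].append(f.path)
        # Assumption: any action not starting with "Cleaned" needs a second look.
        if not f.action.lower().startswith("cleaned"):
            unresolved.append(f)
    return {
        "cookie_count": cookie_count,
        "threats": dict(threats),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("tracking cookies:", summary["cookie_count"])
    for name, paths in summary["threats"].items():
        print(name, "->", len(paths), "file(s)")
        for p in paths:
            print("   ", p)
    print("unresolved:", len(summary["unresolved"]))
```
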

#18
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren
  • 0

#19
Fl4m3


    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, where do we start? The only thing that's bothering me right now is that when I double-click an icon it takes several seconds for the program to load.

Edited by Fl4m3, 29 March 2006 - 10:49 PM.

  • 0

#20
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
I don't believe that that problem is malware related. I will close this topic and I suggest that you open a new one in our Windows forum where someone will be able to assist you with this problem.

Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
Reboot your System

TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0
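
Added example, not part of the original thread: a Python check of a HOSTS file of the kind described in the post above. It lists the names sinkholed to the local machine and flags names mapped to any other address, which a blocking HOSTS file should never contain. The sample file, its example.* names and the 203.0.113.10 address are constructed, and treating 0.0.0.0 as a block address goes beyond the 127.0.0.1 case the post mentions.

```python
import ipaddress

# Constructed sample; the example.* names and 203.0.113.10 are placeholders.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com        # ad server
0.0.0.0         tracker.example.net
127.0.0.1       banner.example.org popups.example.org
203.0.113.10    update.example.com
not-an-ip       broken.example.com
"""

# Names that legitimately point at the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify HOSTS entries.

    blocked   - names sent to loopback/unspecified (the blocking technique)
    remapped  - (name, address) pairs sent to some other address; in a
                blocking HOSTS file these deserve a manual review
    malformed - 1-based line numbers that could not be parsed
    """
    blocked, remapped, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append(lineno)
            continue
        for name in (n.lower() for n in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)
            else:
                remapped.append((name, str(addr)))
    return {"blocked": blocked, "remapped": remapped, "malformed": malformed}


def is_blocked(hostname, audit):
    """HOSTS entries match the exact name only; subdomains are not covered."""
    return hostname.lower().rstrip(".") in audit["blocked"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", sorted(result["blocked"]))
    print("review these mappings:", result["remapped"])
    print("unparseable lines:", result["malformed"])
```
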

#21
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





