Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 30.1.2025 / 17:29
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > do you have adware, spyware, virus/trojan or a browser hijacker?
Show topics
 
Forums
Forums
Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?
  Jump to:
 
Posted Message
Page:< Previous12345678... Next >Last >>
eLeCTR0n
Member
_ 		4. May 2005 @ 03:14 _ Link to this message    Send private message to this user   
@camstuf
Quote:
Last time I used FireFox, none of my bookmarks/favorites worked anymore. And my WIFI would not work on my laptop.
When you install Firefox the first time you open it, it will ask you if want to import your bookmarks from Internet Explorer or other browsers. You can even use the importing wizard to import them later if you don't import them the first time you run it. If you don't import your bookmarks then they obviously wouldn't be there.

Now Firefox is only a web browsing software. It has nothing to do with network connections whether it's a LAN, WAN, Internet, or WiFi. Firefox only uses the connection to communicate with servers nothing more. So Firefox had nothing to do with your WiFi problem.

[ + quote]

This message has been edited since posting. Last time this message was edited on 5. May 2005 @ 03:22
Advertisement
_ 		__
camstuf
Suspended permanently
_ 		5. May 2005 @ 02:57 _ Link to this message    Send private message to this user   
@eLeCTR0n, Thanks for the great info, I may try it.
[ + quote]


Emachines: T2865/AMD Athlon? XP 2800+ Processor (2.083 GHz)
NVIDIA® nForce?2/160 GB HDD/512 MB DDR (PC 2700)
DVD +/- RW Drive CD-ROM Drive; 3.5" 1.44MB FDD;
8-in-1 Media Reader/
rx29
Junior Member
_ 		15. May 2005 @ 10:54 _ Link to this message    Send private message to this user   
hi! two nights ago, everything,(and I mean EVERYTHING), deleted off my computer in less than 15 seconds. I couldn't exit, all system programs, files and registry were sucked down the vortex. I rebooted with the manufacturers disc. However, since that time I can't get on the internet for half of the time, and applications freeze, end program doesn't work. I scaned with every program I could get my hands on, all are clear, no spyware found,virus,cookies, temp files, all compatable. I use gateway 505 with windows XP. Tried avast,sygate,adaware,spybot search and destroy,peerguardian,nod,mru blocker,ect..any ideas, other than "boy, are you screwed!?"
[ + quote]
eLeCTR0n
Member
_ 		15. May 2005 @ 15:06 _ Link to this message    Send private message to this user   
rx29

Since everything got deleted already, you should just do a fresh install and reinstall everything. Boot with Windows XP cd or the cd that came with your computer then choose New/Fresh install and format you harddrive with NTFS (not quick), Your computer will go back to how it was when you first bought it. Afterwards, make sure this doesn't happen again by doing the following:

1) don't go online with an administrator account, create a restricted/normal user and use that for the Internet
2) always have an antivirus running and check housecall.trendmicro.com regularly to check for malicious software
3) have at least 1 firewall enabled if you don't have any 3rd party firewalls just turn on the windows xp firewall
4) update windows at least weekly or turn on auto-updates
5) use Firefox and never use IE unless you must
6) delete temp files, cookies and web files regularly
7) use an anti-spyware/adware program like Webroot spysweeper
8) never run an executable (.exe) program u get in an email or from internet unless you exactly what it is and what it's going to do

These are just some things i can think of right now.
let me know what happens with you
[ + quote]

This message has been edited since posting. Last time this message was edited on 16. May 2005 @ 19:54
ddp
Moderator
_ 		15. May 2005 @ 15:30 _ Link to this message    Send private message to this user   
[ + quote]
rx29
Junior Member
_ 		18. May 2005 @ 20:38 _ Link to this message    Send private message to this user   
Thanks- I rebooted- I didn't know about administrater account; I lost the internet again! It said it couldn't find a server code; strangely, I deleted my ups program and it is back. I got an external memory unit-so if it's screwed I don't have to totally panic. Computers are so touchy! Hey, have you heard of a program that makes a ghost image of one's system- does it work, is it safe? Any way to be completely invisable? Have a good night!
[ + quote]
eLeCTR0n
Member
_ 		18. May 2005 @ 20:53 _ Link to this message    Send private message to this user   
Yes, the best 2 programs known for this are:

- Acronis True Image
more info here:
http://www.acronis.com/homecomputing/products/trueimage

- Norton Ghost
more here:
http://www.symantec.com/sabu/ghost/ghost_personal

[ + quote]
dipset121
Member
_ 		19. May 2005 @ 20:21 _ Link to this message    Send private message to this user   
this is my hijack log file what do i have to take out???

Logfile of HijackThis v1.99.1
Scan saved at 12:15:28 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Tonya\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://free.aol.com/tryaolfree/index.adp?promo=564240&service=aol
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [4F3f3pj] danrrenu.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyca32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LospRfH9V] wpaprop2.exe
O4 - HKCU\..\Run: [qkmi] C:\PROGRA~1\COMMON~1\qkmi\qkmim.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0027.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicr...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
[ + quote]
eLeCTR0n
Member
_ 		19. May 2005 @ 23:00 _ Link to this message    Send private message to this user   
@ dipset121

Have you thought about doing what has been told to other people on the thread?


[ + quote]
dipset121
Member
_ 		19. May 2005 @ 23:55 _ Link to this message    Send private message to this user   
@eLeCTR0n

yea i tried everything i dont no how but its not sending me there any more i just cant look at pictures on websites now it keeps saying **page not found or something about changing my browser settings with netscape, internet explorer and FireFox none of them will let me view pictures or animation can u tell me how i can fix that problem so that i can view that content again??
[ + quote]
eLeCTR0n
Member
_ 		20. May 2005 @ 00:46 _ Link to this message    Send private message to this user   
ok i am not sure i get what you're saying. Your IE web browser doesnt show any pictures? and you tried different browsers like netscape and firefox and still you cant see any pictures with any browser?

or do you get the page not found error and cant go to any site?

[ + quote]

This message has been edited since posting. Last time this message was edited on 20. May 2005 @ 00:47
CJC
Senior Member
_ 		20. May 2005 @ 02:21 _ Link to this message    Send private message to this user   
Hi
Sorry have been real busy lately, so if anybody i have missed, just let me know.

@dipset121

Put a tick in, and remove the following:

O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [4F3f3pj] danrrenu.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyca32.exe
O4 - HKCU\..\Run: [LospRfH9V] wpaprop2.exe
O4 - HKCU\..\Run: [qkmi] C:\PROGRA~1\COMMON~1\qkmi\qkmim.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0027.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

CJC
[ + quote]
brandonb
Member
_ 		25. May 2005 @ 21:14 _ Link to this message    Send private message to this user   
i didn't exactly know where to post this but i figure this is the best spot i could find. when i first bought my computer i had it connected to insightbb which is cable internet. i had no problems with pop up ads when i switched from using internet explorer as my default browser to FireFox because of its built in pop up blocker. but since then i moved back in with my mom and she has zoomtown broadband internet through her telephone company. i use ad aware se personal and spybot search and destroy frequently, i did have the norton that came with my comp but it expired a month before i moved. i hate pop ups and i dont understand why they are popping up like before when i used internet explorer. it just really urks me, if anyone has any advice on how to keep these pop ups from just popping up like this please inform me. also, all the pop up windows are named aurora no matter what the content of the window is. i also keep getting a message box titled internet explorer script error popping up saying an error has occured in the script on this page and i dont even use internet explorer. line: 104 char: 9 error: syntax error code: 0 url: http//img.gotomypc.com/tr/ss/G2Pers/anthing? target=mm/g25secure4lp.tmpl
[ + quote]
eLeCTR0n
Member
_ 		26. May 2005 @ 01:12 _ Link to this message    Send private message to this user   
@brandonb

make sure you are running the latest FireFox version. Try uninstalling FireFox then install the newest version.

[ + quote]
alan84
Newbie
_ 		26. May 2005 @ 03:41 _ Link to this message    Send private message to this user   
hi all.... can anyone please help with this hijack logfile?
much appreciated

Logfile of HijackThis v1.99.1
Scan saved at 12:32:35, on 26/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\S3hotkey.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Mzfgm\Owpta.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\efpxjyl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Alan\Desktop\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [Supastatus] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [szctvvc] c:\windows\system32\efpxjyl.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5F.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.timesupport.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
eLeCTR0n
Member
_ 		26. May 2005 @ 04:11 _ Link to this message    Send private message to this user   
remove

O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [Supastatus] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [szctvvc] c:\windows\system32\efpxjyl.exe

also make sure you follow the insructions told to other people like using: http://housecall.trendmicro.com and FireFox and keep up with windows updates.
[ + quote]
alan84
Newbie
_ 		26. May 2005 @ 08:59 _ Link to this message    Send private message to this user   
okey dokey - cheers for that....
i still have a virus - ied_s7 which norton cant seem to remove???

heres the hijack logfile after removing the stuff previously

cheers

Logfile of HijackThis v1.99.1
Scan saved at 17:55:05, on 26/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\S3hotkey.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Mzfgm\Owpta.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Alan\Desktop\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [htjduse] c:\windows\system32\urfvfj.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S5F.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {1AA145B5-2BC2-452A-A331-1AA7C80B904F} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8A02B6AC-5826-4FF8-8D3F-F1D036CE6BAF} - C:\WINDOWS\System32\intlmain.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.timesupport.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
CJC
Senior Member
_ 		26. May 2005 @ 13:45 _ Link to this message    Send private message to this user   
@alan84

Put a tick in, and remove the following:

C:\Program Files\Mzfgm\Owpta.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timesupport.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipdjyg.t.muxa.cc/s.php?aid=581 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=153510
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ipdjyg.t.muxa.cc/h.php?aid=581 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll
O4 - HKLM\..\Run: [Vusdu] C:\Program Files\Mzfgm\Owpta.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
O4 - HKLM\..\Run: [htjduse] c:\windows\system32\urfvfj.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn263.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn263.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

CJC
[ + quote]
duraglo
Suspended due to non-functional email address
_ 		28. May 2005 @ 05:28 _ Link to this message    Send private message to this user   
Okay,i just downloaded ad aware sepersonal and it automatically scan itself.After that,i went to the next page and quarantine itself,some was highly infected.My question is should i delete all those been quarantined files??
Also,which is better,Privacy mantra or ccleaner??
[ + quote]
rx29
Junior Member
_ 		28. May 2005 @ 07:39 _ Link to this message    Send private message to this user   
Hi! I wouldn't delete just yet. Quarantine, backup your files then delete if you want to. Good luck!
[ + quote]
eLeCTR0n
Member
_ 		28. May 2005 @ 10:32 _ Link to this message    Send private message to this user   
if you're not missing anything and everything still works fine after you quarantined the files, it should be safe to delete them.

[ + quote]
brandonb
Member
_ 		29. May 2005 @ 11:30 _ Link to this message    Send private message to this user   
*electron
i uninstalled mozilla FireFox and shut down my computer and next time i started it up i installed it. i don't understand where the hell all these pop ups are comming from, they're relentless. i run ad aware se personal, spybot s&d, and spyware blaster almost every time i get on my computer.
[ + quote]
DopeFreak
Member
_ 		29. May 2005 @ 11:33 _ Link to this message    Send private message to this user   
Get mcaffe antispyware it gets rid of major spyware unlike adaware se and all those other ones.
[ + quote]
Butterfly
itarroso
Newbie
_ 		31. May 2005 @ 10:24 _ Link to this message    Send private message to this user   
can someone help me with this?
Spybot found some registry keys and values related to backweb lite. It couldn't remove them all, so I removed the remaining 2 by myself. I don't think it's solved yet, so here is my hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 19:16:26, on 31-05-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\4mtcsb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Sitecom\Sitecom WLAN\WLANUTL.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Cisco Systems\VPN Client\vpngui.exe
C:\Programas\eMule\Incoming\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.uminho.pt/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\system32\ESB.exe
O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\system32\4mtcsb.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programas\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programas\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjV...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{775B801D-F9F2-444B-BD42-A6EED89C13F9}: NameServer = 193.137.17.6,193.137.17.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{18E8E64D-1446-4676-8945-E157DD142E0E}: NameServer = 194.100.224.2,194.100.224.4
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Programas\Ficheiros comuns\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Network Request Broker - Unknown - C:\Programas\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: F-Secure Management Agent - Unknown - C:\Programas\F-Secure\Common\FSMA32.EXE (file missing)
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Programas\Virtual CD v4 SDK\system\vcssecs.exe

Thanks for any help!
[ + quote]
Advertisement
_ 		__
 
_
JP1357
Suspended due to non-functional email address
_ 		31. May 2005 @ 14:48 _ Link to this message    Send private message to this user   
CounterSpy had the highest detection rate in our tests. The most effective scanner--CounterSpy--was also the fastest, taking only a minute to perform a complete scan of a system with 2.7GB of data. Sunbelt Software's CounterSpy proved the most capable of the bunch, finding and stopping 93 percent of all the running processes created by our 45 test programs."
? PCWorld, April 2005 and they offer a 15 day trial period. It's only $20.00 for a year and you get a 15 day money back guarantee! Check it out at www.sunbelt.com
[ + quote]
 
Page:< Previous12345678... Next >Last >>
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > do you have adware, spyware, virus/trojan or a browser hijacker?
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork