
Browser setting changes


  • This topic is locked
8 replies to this topic

#1 Viking


Posted 16 August 2005 - 05:55 PM

Hello forum members,

I have had the unpleasant experience of Home Search Assistant on my computer and after reading all I could on the various forums etc. attempted to remove it.
I have been running multiple scans with my virus checker (Avast), Adaware, Spybot, Hitman Pro 2 (repeating the spyware scans), then BHO Deamon 2.0, About Buster and HS remove. I also ran Ewido scans (all clean) and installed the MS Antispyware Beta version. The latter indicates that every time I start IE an attempt is made to change the browser setting to trusted sites like eblv.com , ebky.com etc. which I block. I have set in Microsoft Antispyware the current and restore browser settings to my standard browser page (Startpagina.nl - indeed, I am a "cloggy").

I have the impression I have some control over what this remaining part of HSA is doing on my computer but I am desperately in need of expert advice to get rid of it completely. Please help.

Following is my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 0:19:14, on 17-8-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


 


#2 JG427


Posted 19 August 2005 - 09:03 PM

Hi, Viking.

It appears that Home Search Assistant is no longer active on your system.
The sites you mentioned, eblv.com and ebky.com, are lop sites.

I don't see any lop entries in your log, but Lop sometimes leaves entries set to run in task scheduler. The following batch file will find and list all scheduled tasks.

Download and unzip to one folder:
http://metallica.geekstogo.com/findlop.zip

Inside the folder find findlop.bat
Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.

If you prefer, you can check for the scheduled tasks manually.
Navigate to C:\WINDOWS\Tasks and open the tasks folder.
Check for and delete any lop jobs found, several could be listed similar to
randomlopname123.job
randomlopname456.job
randomlopname789.job

Have any bad entries returned since you posted the hijackthis log?
Scan with hijackthis and post a fresh log for another look.

#3 JG427


Posted 13 September 2005 - 09:34 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#4 JG427


Posted 03 April 2006 - 07:17 PM

Topic reopened by Viking's request.

Viking, I will post the contents of your request to reopen the topic here for access to your latest information in this thread.

Dear JG,
This is a request to re-open the topic of the above title, dated 13 Sept 2005 to member Viking. The last addressed issues were LOP problems about which I now have some feedback.

I have been on the move from Copenhagen to Holland since early September 2005 and the computer with the reported problem has been in storage until Feb 2006.
After setting the computer up again, all programme updates were carried out and a series of scans were carried out. AdAware, Spybot Search and Destroy, Spyware doctor, MS AntiSpyware Beta version, Ewido, Avast, Hitman Pro2, etc, all gave a report that the computer was clean. However, every time I restarted the computer MS AntiSpyware gave the warning that a trusted site requested permission to obtain a reduced security level. These were the LOP sites as listed at, for example, www.spyany.com/program/article_spy_rm_Lop.html. It just ran down the series as listed at that site. Obviously I blocked them each time this occurred at re-boot.

At long last it dawned on me that somehow the register played a role here and through regedit I made a register search for one of these LOP site names, in this event iddh.com. The result was amazing.
At the location HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet settings\ZoneMap\Domains I found all the LOP site addresses as at the website mentioned above, including several HUNDREDS more, e.g. roulette.net, x-google.net, gator.com, LOP.com and numerous XXX sites.
The same list was found at HKEY_LOCAL_MACHINE\.....\Internet Settings\P3P\History. Once more in HKEY_USERS etc at multiple locations.

I deleted the folders holding these listings until all were gone and the searches come out clean. I was desperate enough to take the risk to wreck the register.

The good news is that I have not seen any warnings from MS AntiSpyware since (one week ago and many re-boots). The bad news is that I just noticed that all the rubbish is back again in the register.

I am desperately in need of some good advice and instructions and I am seriously puzzled why the collective spyware programmes do not pick this up in a register as pest infested as mine.

Looking forward to hear some wise words,
Best regards,
Viking.

#5 JG427


Posted 03 April 2006 - 07:53 PM

Hello again, Viking.

At the location HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet settings\ZoneMap\Domains I found all the LOP site addresses as at the website mentioned above, including several HUNDREDS more, e.g. roulette.net, x-google.net, gator.com, LOP.com and numerous XXX sites.


I have those sites listed in my registry as well. They were probably added by a protection program such as spyware blaster or spybot.
The REG_DWORD value determines which are good or bad entries. The data value of 0X0000004 means the site listed will be placed in the restricted zone of internet explorer.
Your security settings will be increased when you visit such a site. You should notice the small red restricted icon in the lower right corner of internet explorer at these sites.

The same list was found at HKEY_LOCAL_MACHINE\.....\Internet Settings\P3P\History.


This is similar to the restricted sites, except it prevents ad/tracking cookies if the dword value listed on the right is set to 5.
I think that the immunize function in spybot search and destroy sets both of these in your registry.
Open spybot and click immunize, then check the dword values at the registry keys.

More information is listed at this microsoft site.
Description of Internet Explorer security zones registry entries


We didn't finish checking for lop on your system.
Click here to download fl.zip to check for any remaining lop files.
Unzip then double click fl.bat to run it.
Copy the contents of findlop.txt that will open, then post it here in your next reply.

Also, scan with hijackthis and post a fresh log.
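
The zone values described in the post above, as an added example that is not part of the original thread: a Python script that reads a `reg export` of a ZoneMap\Domains key and separates entries that restrict a site (zone 4) from entries that would place it in a less restrictive zone than the default Internet zone. The sample export is constructed; it reuses domain names mentioned in the thread plus a hypothetical `example.test` entry, and the function names are this example's own.

```python
import re

# Internet Explorer zone numbers, as in Microsoft's description of the
# security zones registry entries.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# A key below ...\ZoneMap\Domains: "<domain>" or "<domain>\<subdomain>".
KEY_RE = re.compile(r"^\[.+\\ZoneMap\\Domains\\(.+)\]$", re.IGNORECASE)
# A DWORD value: the name is a scheme ("http", "https", "*"), the data a zone.
VALUE_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in regedit export format. A real export file is UTF-16,
# so read it with open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eblv.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebky.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iddh.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002
"""


def parse_zonemap(reg_text):
    """Return (host, scheme, zone_number) tuples found in a .reg export."""
    entries, host = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # The subdomain subkey comes after the domain key, so reverse it.
            host = ".".join(reversed(m.group(1).split("\\"))).lower() if m else None
            continue
        m = VALUE_RE.match(line)
        if host and m:
            entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries


def triage(entries):
    """Group entries by whether they lower or raise security for the site."""
    report = {"lowered": [], "restricted": [], "other": []}
    for entry in entries:
        zone = entry[2]
        if zone in (0, 1, 2):      # more trust than the Internet zone
            report["lowered"].append(entry)
        elif zone == 4:            # what an immunize-style blocklist writes
            report["restricted"].append(entry)
        else:
            report["other"].append(entry)
    return report


if __name__ == "__main__":
    for bucket, rows in triage(parse_zonemap(SAMPLE_REG)).items():
        for host, scheme, zone in rows:
            print(f"{bucket:10} {host:20} {scheme:5} {ZONES.get(zone, 'unknown')}")
```

Hundreds of entries in the restricted bucket are what a blocklist looks like; the entries to review by hand are the ones in the lowered bucket.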

#6 Viking


Posted 04 April 2006 - 06:00 PM

JG,

Thank you for reopening this topic.
Indeed you were completely right, the register listings were the result of the immunize action in Spybot S&D, and the register values indeed indicate values of 4 and 5, so blocking these sites. That is great news as I did see the same on my other computers with W98SE.

Back to the LOP sites action. Here are the logs of findlop.txt and hijackthis. I see it also shows my XP version is in the Dutch language. I take it you can easily crack that.

De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\Administrator\Application Data

22-02-2006 13:04 <DIR> .
22-02-2006 13:04 <DIR> ..
15-02-2004 17:32 <DIR> Adobe
13-02-2004 18:19 <DIR> Ahead
23-02-2004 10:52 <DIR> Cyberlink
13-02-2004 15:23 <DIR> Help
14-02-2004 00:48 <DIR> Identities
23-02-2004 20:20 <DIR> InterTrust
15-02-2004 16:38 <DIR> Macromedia
22-02-2006 13:04 <DIR> Mozilla
22-02-2006 12:38 <DIR> PC Tools
22-02-2006 13:37 <DIR> PurgeIE
23-02-2004 13:33 <DIR> Real
0 bestand(en) 0 bytes
13 map(pen) 37.612.474.368 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\All Users\Application Data

13-01-2006 18:42 <DIR> .
13-01-2006 18:42 <DIR> ..
03-02-2006 21:29 <DIR> Adobe
13-02-2004 18:17 <DIR> Ahead
22-02-2004 17:19 <DIR> CyberLink
30-05-2004 15:26 <DIR> MSN6
13-02-2004 18:22 <DIR> muvee Technologies
13-01-2006 18:42 <DIR> My Pictures
13-01-2006 18:42 <DIR> Sony Ericsson
05-04-2006 00:30 <DIR> Spybot - Search & Destroy
11-01-2006 15:26 <DIR> Windows Genuine Advantage
0 bestand(en) 0 bytes
11 map(pen) 37.612.474.368 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\Default User\Application Data

23-02-2004 20:20 <DIR> .
23-02-2004 20:20 <DIR> ..
15-02-2004 17:32 <DIR> Adobe
13-02-2004 18:19 <DIR> Ahead
23-02-2004 10:52 <DIR> Cyberlink
13-02-2004 15:23 <DIR> Help
14-02-2004 00:48 <DIR> Identities
23-02-2004 20:20 <DIR> InterTrust
15-02-2004 16:38 <DIR> Macromedia
23-02-2004 13:33 <DIR> Real
0 bestand(en) 0 bytes
10 map(pen) 37.612.474.368 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\Eigenaar\Application Data

10-06-2004 21:11 <DIR> .
10-06-2004 21:11 <DIR> ..
10-06-2004 21:11 <DIR> Real
0 bestand(en) 0 bytes
3 map(pen) 37.612.474.368 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\Fred\Application Data

04-04-2006 21:47 <DIR> .
04-04-2006 21:47 <DIR> ..
24-06-2005 18:48 <DIR> Adobe
05-09-2005 17:46 <DIR> AdobeUM
12-02-2005 16:53 <DIR> Ahead
23-02-2004 10:52 <DIR> Cyberlink
08-07-2005 18:09 <DIR> Google
21-08-2004 00:09 <DIR> Help
14-02-2004 00:48 <DIR> Identities
23-02-2004 20:20 <DIR> InterTrust
31-03-2006 11:41 <DIR> Lavasoft
24-06-2005 19:13 <DIR> Leadertech
15-02-2004 16:38 <DIR> Macromedia
01-08-2005 23:13 <DIR> Mozilla
21-02-2006 21:22 <DIR> PC Tools
17-10-2004 15:17 <DIR> PurgeIE
23-02-2004 13:33 <DIR> Real
13-10-2004 17:45 <DIR> Steinberg
15-10-2004 23:53 <DIR> Sun
04-04-2006 21:47 5.752 wklnhst.dat
1 bestand(en) 5.752 bytes
19 map(pen) 37.612.474.368 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\Jose\Application Data

11-03-2006 00:50 <DIR> .
11-03-2006 00:50 <DIR> ..
15-02-2004 17:32 <DIR> Adobe
12-07-2005 20:40 <DIR> AdobeUM
13-02-2004 18:19 <DIR> Ahead
23-02-2004 10:52 <DIR> Cyberlink
13-02-2004 15:23 <DIR> Help
14-02-2004 00:48 <DIR> Identities
23-02-2004 20:20 <DIR> InterTrust
18-07-2005 09:24 <DIR> Lavasoft
15-02-2004 16:38 <DIR> Macromedia
02-08-2005 21:25 <DIR> Mozilla
19-05-2005 21:38 <DIR> MSN6
11-03-2006 00:28 <DIR> PC Tools
03-03-2005 22:09 <DIR> PurgeIE
23-02-2004 13:33 <DIR> Real
02-03-2005 18:58 <DIR> Sun
14-08-2005 22:51 0 wklnhst.dat
1 bestand(en) 0 bytes
17 map(pen) 37.612.470.272 bytes beschikbaar
De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\LocalService\Application Data

De volumenaam van station C is BOOT
Het volumenummer is 08AC-1C85

Map van C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues


Logfile of HijackThis v1.99.1
Scan saved at 0:45:14, on 5-4-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrsrv.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\Sony Ericsson\Mobile\File Manager\fmobxsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fred\Mijn documenten\Downloads\Beveiliging\hijackthis_199\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#7 JG427


Posted 04 April 2006 - 09:21 PM

Your logs are clean. :thumbsup:
The only thing I noticed is your version of Java should be updated.

Click on the start button on the taskbar
Click control panel, then the Java coffee cup icon
Click the update tab and update now.

MS AntiSpyware gave the warning that a trusted site requested permission to obtain a reduced security level


Your hijackthis log does not show any trusted sites listed.
Are you still getting this warning?

#8 Viking


Posted 05 April 2006 - 03:32 AM

JG,

Thank you for your good news and scrutiny of the system.
I have updated the Java program to the latest version. The automatic update was set at once per month. I have changed that to once per week now.

The good news of no MS Antispyware warnings as mentioned in my previous log has continued and by the look of it it seems to be gone. I have no idea what has done the job (my register delete actions?) but I am glad to be a happy computer user again.

Thank you once more for your support and excellent advice, that is much appreciated.

Best regards,
Viking.

#9 JG427


Posted 05 April 2006 - 02:24 PM

Glad we could help. :thumbsup:

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.



