
HJT - firey


  • This topic is locked
7 replies to this topic

#1 firey

Posted 20 December 2004 - 07:39 PM

I posted this before but got no help. I really need some advice to get rid of these search bars etc

Have run spybot and ad-aware

regards

firey



Logfile of HijackThis v1.99.0
Scan saved at 9:33:06 AM, on 21/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\CCProxy\CCProxy.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\twain_32\AVISION\AV260C\SCANER32.EXE
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eymqvilxgqrzironoha.net/utFe1kh...B93zoMvJ3w8.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: vphclilfgwddtedztubv - {5b70dab2-3128-4b25-826d-c6f49ace75b7} - C:\DOCUME~1\Paul\APPLIC~1\frglozprvly.dll (file missing)
O2 - BHO: (no name) - {7D44E82F-C81C-034D-617B-254FD42E3722} - C:\DOCUME~1\Paul\APPLIC~1\ELSESO~1\inside rect.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {8B8D750B-3555-4891-BDF4-9316CA0796F7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AdminDogNameOwns] C:\Documents and Settings\All Users\Application Data\load style admin dog\playpure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LoadWatcher] Test
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe"
O4 - HKCU\..\Run: [heck name] C:\DOCUME~1\Paul\APPLIC~1\JUGSNU~1\setup chin.exe
O4 - Startup: Avision Scanner Utility.lnk = C:\WINDOWS\twain_32\AVISION\AV260C\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093219495250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homekk
O17 - HKLM\Software\..\Telephony: DomainName = homekk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFAA4582-670A-41C2-834A-C525D8193B43}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homekk
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe



#2 phawgg

Posted 20 December 2004 - 11:25 PM

I'll check your log(s). Please post replies to this one only, and it takes me longer than you might expect, firey. Figure 24 hours or so. You might use the "track this topic" feature.
patiently patrolling, plenty of persistent pests n' problems ...

#3 phawgg

Posted 22 December 2004 - 07:54 PM

firey,
you will lose your Internet connection temporarily during the fix procedure.
Online activity should be done before you follow the steps of the fix itself.
Copy/paste these instructions to a notepad or copy/print the page to your PC so you have them to refer to.
Please read the information provided at the download & "info only" links, also.

Do you use the CCProxy program ? [ http://www.youngzsoft.com/ ]

Messenger Plus! has been known to cause problems.
"Third party MSN Messenger extension that hides banner ads and adds archiving and other useful features.
Appears not to work unless checked, but may be activated after startup.
Not recommended as it includes Lop.com."

It is a plug-in that has included lop.com in the past. Info. It's likely it still does.

The Free Download Manager applications [ http://www.freshdevices.com/ ]
I'd say to uninstall them now, at least until you get a clean log. Then you can try them again.
I will include them in the sequence of steps, but if you want to keep them, simply don't delete them.
Note: I've used the products from this company myself, and didn't much care for the effect they had on my PC.
Those included below are known to cause problems, deletion of them would be a good thing to do.

You need a couple tools. Click the links to download:
System Security Suite Install this program, look it over, read about it, but don't run it quite yet.

You will also need to install Ad-Aware SE Personal 1.05, unless you already have this version.
You should uninstall an older version before installing this.

Run Ad-Aware and immediately check for updates. Exit after updating.
Next, install VX2 variant add-on to your Ad-Aware. Download location: VX2 variant add-on.
Select "Add-ons" from the menu on the left.
At new page, select VX2 cleaner on the right.
Download to your desktop, close all open browsers and windows.
Just the install wizard open, please.
Follow the prompts to install, it will locate the proper location for you. Exit, we will run it again later.

Set your PC to: show hidden files.
This time Start-->MyComputer-->Tools-->Options-->View Tab-->Show Hidden Files & Folders (system-wide)

Start-->Add or Remove Programs-->Uninstall any instances of Free Download Manager or Messenger Plus!
(if found, and as applicable in your case).

Reboot your computer into Safe Mode by tapping F8 until
the DOS screen appears. Yes. Use the up arrow to choose safe mode. Hit enter. OK.

Open your C:\HJT folder and double-click the icon. Close everything except HijackThis, nothing else on your desktop.

Run Hijackthis: click Scan, and put a checkmark next to each of the following objects.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eymqvilxgqrzironoha.net/utFe1kh...B93zoMvJ3w8.asp
O2 - BHO: vphclilfgwddtedztubv - {5b70dab2-3128-4b25-826d-c6f49ace75b7} - C:\DOCUME~1\Paul\APPLIC~1\frglozprvly.dll (file missing)
O2 - BHO: (no name) - {7D44E82F-C81C-034D-617B-254FD42E3722} - C:\DOCUME~1\Paul\APPLIC~1\ELSESO~1\inside rect.exe
O3 - Toolbar: (no name) - {8B8D750B-3555-4891-BDF4-9316CA0796F7} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" <-- optional
O4 - HKLM\..\Run: [AdminDogNameOwns] C:\Documents and Settings\All Users\Application Data\load style admin dog\playpure.exe
O4 - HKCU\..\Run: [LoadWatcher] Test
O4 - HKCU\..\Run: [heck name] C:\DOCUME~1\Paul\APPLIC~1\JUGSNU~1\setup chin.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm <-- optional
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm <-- optional
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm <-- optional
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm <-- optional
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

When you're sure that files marked for deletion are correct, click the Fix button.

Search for, locate and delete these files or folders
(Do not be concerned if they do not exist, the previous steps may have eliminated them.)
Do not delete the main folders C:\WINDOWS or C:\Program Files.
One way to find them is to use: Start-->Search-->select "all files & folders"-->select "more advanced options"-->check search "system folders", "hidden files & folders" & "sub-folders".
You may also navigate to the appropriate folder, right-click-->delete individual files.
Delete manually.

C:\DOCUME~1\Paul\APPLIC~1\JUGSNU~1\setup chin.exe <-- search for the file name and when found delete it and the folder it was in.
C:\DOCUME~1\Paul\APPLIC~1\ELSESO~1\inside rect.exe <-- search for the file name and when found delete it and the folder it was in.
C:\DOCUME~1\Paul\APPLIC~1\frglozprvly.dll <-- search for the file name and when found delete it and the folder it was in.
C:\Documents and Settings\All Users\Application Data\load style admin dog\playpure.exe <-- search for the file name and when found delete it and the folder it was in.

C:\Program Files\Free Download Manager <-- this folder & contents only (optional)
C:\Program Files\Messenger Plus! 3 <-- this folder & contents only (optional)

Run Ad-Aware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next".
Let Ad-Aware remove anything it finds. Next, select "Add-ons"-->select & highlight VX2-->Run tool-->OK-->close.

Run System Security Suite. (All windows and browsers closed) To clean out Temp and Temporary Internet Files, In the "Items to Clear" tab click:
1. Internet Explorer (left pane): Cookies & Temporary files
2. My Computer (right pane): Temporary files & Recycle Bin
Click the "Clear Selected Items" button. Close.

Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button.

Reboot your computer to go back to normal mode.

Run Hijackthis, click Scan, then save log.
Post the new HJT log as a reply here, please. Include comments. Is it running better? Any problems?

Edited by phawgg, 22 December 2004 - 07:57 PM.


#4 firey

Posted 23 December 2004 - 12:22 AM

Wow that was a bit of a marathon!
But thanks, everything seems OK. I have my clean IE back with my own startpage and no restrictions. A lot of the items you told me to check had disappeared after using uninstall.
I really do appreciate the effort and time.
Here is my latest log....

Logfile of HijackThis v1.99.0
Scan saved at 3:45:15 PM, on 23/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\CCProxy\CCProxy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Firefly] "C:\Program Files\Firefly\Firefly.exe"
O4 - Startup: Avision Scanner Utility.lnk = C:\WINDOWS\twain_32\AVISION\AV260C\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homekk
O17 - HKLM\Software\..\Telephony: DomainName = homekk
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFAA4582-670A-41C2-834A-C525D8193B43}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homekk
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
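
An added example, not part of the original thread: comparing the "before" and "after" HijackThis logs to confirm which entries the fix removed, and why they stood out. The sample lines are a subset copied from the two logs above; the function names and the four triage heuristics are assumptions made for this illustration, not HijackThis's own rules, and they do not cover the entries the helper marked as optional.

```python
import re

# Entry lines copied from the first log in this thread (a subset, for brevity).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eymqvilxgqrzironoha.net/utFe1kh...B93zoMvJ3w8.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: vphclilfgwddtedztubv - {5b70dab2-3128-4b25-826d-c6f49ace75b7} - C:\DOCUME~1\Paul\APPLIC~1\frglozprvly.dll (file missing)
O2 - BHO: (no name) - {7D44E82F-C81C-034D-617B-254FD42E3722} - C:\DOCUME~1\Paul\APPLIC~1\ELSESO~1\inside rect.exe
O3 - Toolbar: (no name) - {8B8D750B-3555-4891-BDF4-9316CA0796F7} - (no file)
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdminDogNameOwns] C:\Documents and Settings\All Users\Application Data\load style admin dog\playpure.exe
O4 - HKCU\..\Run: [LoadWatcher] Test
O4 - HKCU\..\Run: [heck name] C:\DOCUME~1\Paul\APPLIC~1\JUGSNU~1\setup chin.exe
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
"""

# The same subset as it appears in the second log, after the fix.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# An entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
APPDATA = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.+?)\] (.*)$")


def parse_entries(log_text):
    """Return (section, details) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    kept = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in kept]


def triage(section, text):
    """Illustrative heuristics (assumptions) for why an entry deserves review."""
    reasons = []
    if text.endswith("(file missing)") or text.endswith("(no file)"):
        reasons.append("registered target file does not exist")
    if APPDATA.search(text):
        reasons.append("loads from an Application Data folder")
    run = RUN_VALUE.match(text)
    if section == "O4" and run and not re.search(r"\.(exe|dll)\b", run.group(2), re.I):
        reasons.append("Run value names no executable")
    if section in ("R0", "R1") and re.search(r"= https?://", text):
        reasons.append("IE search/start setting points at a web URL")
    return reasons


if __name__ == "__main__":
    for section, text in removed_entries(BEFORE, AFTER):
        print(section, "-", text)
        for reason in triage(section, text):
            print("    review:", reason)
```
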

#5 phawgg

Posted 25 December 2004 - 04:14 PM

firey, the marathon run was worth it. You have a clean log :flowers:
Now you should disable & re-enable your System Restore to set a new restore point.
This ensures that there are no infected files found in a restore point left over from what we have just cleaned.
Additional information & instructions are here.

"A lot of the items you told me to check had disappeared after using uninstall."

Sometimes they do uninstall fairly cleanly. We like to make sure.

Some other steps to be taken are:

1. Use secure Internet Explorer settings
  • Open IE and check tools-->internet options-->security-->click internet icon-->(default is medium).
    Click custom and check that these settings are:
  • Download unsigned ActiveX controls - prompt
  • Initialize and script ActiveX controls not marked as safe - disable
  • Installation of desktop items - prompt
  • Launching programs and files in IFRAME - prompt
  • Navigate sub-frames across different domains - prompt
2. Use AntiVirus Software & Update Frequently. It's best to use only one.
  • An excellent free program is AVG, if you need an option.
    This program can be set to automatically scan & either auto-update or
    you may choose to do that yourself.
    Virus definition updates with this program occur frequently, which is very good.
3. Use a Firewall, but use only one. If you install your own, disable the built-in winXP firewall.
  • Excellent free programs available include:
  • Sygate
  • Kerio
  • (others are also available)
  • Choose one (if you do not already use a firewall). Keep your Firewall up & monitor its configurations
  • (fully understanding its operation may require some thought & a little practice,
    but it helps greatly to have it installed and functioning)
4. Use Microsoft Windows Updates Frequently
  • SP2 is the most recent Service Pack available.
  • More updates have already been made to it, so remain current in regards to security issues in particular.
5. Use Spybot S&D & Update
  • Install and use this program with its TeaTimer option.
  • This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
  • You should also scan your computer with this program on a regular basis, just as you would an antivirus software.
  • Check for updates when you do. A tutorial is available here.
6. Use SpywareBlaster & Update
  • Install and use this program
  • Adding a large list of sites/programs into your Browser settings, it protects you from
    running or downloading known malicious programs.
  • You may customize it if required to accommodate your individual needs,
    and updates are also frequently issued with new definitions added
  • Make it a habit to run and update on a regular basis.
7. Use Ad-Aware & Update
  • Install, configure and use this program with the others.
  • It is very well thought of in its effectiveness, it complements the actions of the others.
  • It provides for additional plug-in specialty tools as well as an upgrade if you choose them.
  • Updates are frequent, so I suggest that you do both that and run the program regularly.
8. Use an alternative Browser Frequently. You may use several if you like.
  • Consider using Firefox as an alternative to IE
    for fundamental security reasons.
  • You can have both easily. Doing so will provide you with several benefits and options.
  • Other alternative browsers are also available at no charge
  • They do not have inherent vulnerabilities to the extent that IE does.
  • They are not subject to the same attention by malware creators as IE, which is much more commonly used.
All of these recommendations will provide a valuable service to you,
and no conflicts exist when operating them together on your PC [winXP].

Please enact them for your own sake and that of the Internet itself.

9. Use BleepingComputer Tutorials & Resources Frequently. "and check for updates...:thumbsup:"
  • While cleaning your PC important tutorials were offered to explain what was being done.
  • Urgency to accomplish the task may have compromised your full understanding of what all was involved.
  • There is always room for improvement when using a personal computer.
  • Resources are available here and improving all the time.
    Some that deal with these recommendations & other topics include:
Tutorials available for more in-depth considerations.
Switching from Internet Explorer to Firefox
Four Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware
Simple and easy ways to keep your computer safe and secure on the Internet
Using Spybot - Search & Destroy to remove Spyware from Your Computer
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Guide to Windows XP Recovery Features
Steps to take when connecting a new computer to the Internet

#6 firey

Posted 25 December 2004 - 07:03 PM

Thank you.

I have added and installed those programs. I use Panda anti virus but will consider AVG
when my licence runs out.

Have a Happy New Year

Regards

Firey

#7 phawgg

Posted 25 December 2004 - 11:37 PM

Happy New Year to you as well, firey. I think you'll find the programs you've added will give you much satisfaction as you learn each's potential. They really are an awesome combination, especially considering the price. :thumbsup:

Edited by phawgg, 25 December 2004 - 11:42 PM.


#8 phawgg

Posted 31 December 2004 - 07:30 PM

Closed. The topics in this thread appear to have been resolved.

If referring to this thread you may:
Right-click Posted. Choose Copy Link Location. Paste with comments to a New Topic.

You may also contact a HJT Team Member, and reference the link location address. Happy New Year. :thumbsup: :flowers:



