
What's wrong with my computer?

  • This topic is locked
7 replies to this topic

#1 mk7956


  • New Member
  • 4 posts

Posted 27 March 2006 - 11:41 PM

I'm quite annoyed. A couple of days ago I started getting pop-ups for "WinAntiVirusPRO", "Winfixer" and adult friend finder. The WinAntiVirusPRO and the Winfixer keep asking me to download their software (I did not) to fix a supposed vulnerability to the "Beagle Virus" and "Blackworm Virus" and a few others. I do have the completely up-to-date Norton Antivirus 2006 that I've run several times with no success. I haven't tried downloading any other software to correct this as I'm not sure what would work. I've seen some things on the internet about a "HijackThis" scan but I'm not sure what that is. Is there a procedure for removing this nasty stuff from my computer? :scratch: I appreciate any help you can offer. Thanks in advance!



#2 shelf life

  • Visiting Fellow
  • 3,191 posts

Posted 28 March 2006 - 05:03 PM

hi mk7956,

we have a self-help section for certain things here:

only for w2k or xp

follow that or if you want download hjt, do a scan with it, then post the hjt log back here and i will take a look at it.

shelf life
How Can I Reduce My Risk?

#3 mk7956


  • New Member
  • 4 posts

Posted 28 March 2006 - 10:36 PM

Hi shelf life,

Here is my hjt log. I hope it's revealing.

Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 10:23:35 PM, on 3/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\rqoon.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O20 - Winlogon Notify: rqoon - C:\WINDOWS\System32\rqoon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 shelf life

  • Visiting Fellow
  • 3,191 posts

Posted 29 March 2006 - 05:09 PM

hi mk7956

ok lets do this;

Download VundoFix.exe to your desktop.


1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click YES.
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will shutdown your computer, click OK.
7. Turn your computer back on.

The ewido security suite is now known as ewido anti-malware.

1. Please download and install ewido anti-malware v3.5.


If ewido finds something that you KNOW is legitimate (watch for alerts that have the word "Heuristic" in them - these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being.
2. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
3. Launch ewido by double-clicking the "e" icon on your desktop.
4. The program will now go to the main screen.
5. You will need to update ewido to the latest definition files.
   1. On the left hand side of the main screen click "Update".
   2. Then click on "Start Update".
   3. The update will begin and a progress bar will show the updates being installed. If you are having problems with the updater, click Update ewido.
   4. After the update finishes, the status bar at the bottom will display "Update successful".
6. After the updates are installed, click on Scanner and select "Settings".
   1. Under the bottom section "What to Scan?" select "Scan every file".
   2. Select "OK" and you will return to scanning options.
7. Click on "Complete System Scan". This can take a while to complete so please be patient.
8. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose "clean", then CHECK or UNCHECK "Perform action on all infections" and click "OK". Note: You will have to watch the scan all the way through and delete items manually.
9. After the scan has completed, ewido will create a report.
10. There will be a button located on the bottom of the screen named "Save report". Click "Save report" [to your desktop].
11. Exit ewido anti-malware when done.
12. Note: ewido is a free trial product for 14 days. Since ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days (which is the reason we uncheck them during installation). You can use ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan by clicking on “Update” and “Start Update”.

Please post the contents of C:\vundofix.txt, the ewido anti-malware log and a new HijackThis log.
How Can I Reduce My Risk?

#5 mk7956


  • New Member
  • 4 posts

Posted 30 March 2006 - 03:18 PM

Hello again shelf life,

Here are my new logs:

VundoFix V4.2.42

Checking Java version...

Sun Java not detected
Scan started at 1:51:25 PM 3/30/2006

Listing files found while scanning....


Attempting to delete C:\WINDOWS\System32\rqoon.dll
C:\WINDOWS\System32\rqoon.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\nooqr.ini
C:\WINDOWS\System32\nooqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\nooqr.bak1
C:\WINDOWS\System32\nooqr.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nooqr.bak2
C:\WINDOWS\System32\nooqr.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nooqr.ini2
C:\WINDOWS\System32\nooqr.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nooqr.tmp
C:\WINDOWS\System32\nooqr.tmp Has been deleted!

Performing Repairs to the registry.

ewido anti-malware - Scan report

+ Created on: 2:43:33 PM, 3/30/2006
+ Report-Checksum: A4BA78BB

+ Scan result:

C:\Documents and Settings\max\Cookies\max@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\max\Cookies\max@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ads.specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wfkospczcap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wfmiwiczalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wjkokhc5sbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wjnyggdjceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wjnygodzefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@e-2dj6wjnyohcpakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-bizjournals.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-brooksbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-cbs.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-chicos.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-chrysler.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-continueded.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-harleydavidson.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-inforspaceinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-kohls.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-sonylearning.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-sonyvaio.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-talbots.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg-win2000mag.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@gator[2].txt -> TrackingCookie.Gator : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@northwestairlines.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@server1.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\max\Cookies\max@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\Content.IE5\3V51L5PY\archive[1].jar/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : Error during cleaning
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\Content.IE5\3V51L5PY\archive[1].jar/Beyond.class -> Downloader.OpenStream.aa : Error during cleaning

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 3:10:10 PM, on 3/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
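
An added example, not part of the original posts: a short Python script that compares the two HijackThis logs posted in this thread and cross-checks them against the VundoFix log. The two heuristics it applies (one DLL registered as both an O2 browser helper and an O20 Winlogon Notify entry, and deleted companion files whose name is the DLL name reversed) are assumptions drawn from what these logs show, not VundoFix's own detection logic; the function names are hypothetical and the embedded log text is a constructed excerpt of the posted logs.

```python
import ntpath
import re

# Constructed excerpts: a few lines copied from the two HijackThis logs and
# the VundoFix log posted in this thread (the full logs are much longer).
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\rqoon.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: rqoon - C:\WINDOWS\System32\rqoon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\System32\rqoon.dll
C:\WINDOWS\System32\rqoon.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\nooqr.ini
C:\WINDOWS\System32\nooqr.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\nooqr.bak1
C:\WINDOWS\System32\nooqr.bak1 Has been deleted!
"""

# A HijackThis entry line looks like "O2 - <description>"; header lines and
# the "Running processes" list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A DLL path at the end of an entry description.
DLL_PATH = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.dll)\s*$", re.IGNORECASE)


def parse_hjt(log):
    """Return the set of (section code, description) entries in a log."""
    entries = set()
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the first log but gone from the second."""
    return sorted(parse_hjt(before) - parse_hjt(after))


def added_entries(before, after):
    """Entries that only appear in the second log."""
    return sorted(parse_hjt(after) - parse_hjt(before))


def multi_hook_dlls(log):
    """Heuristic (assumption): DLLs registered as both an O2 browser helper
    object and an O20 Winlogon Notify package, as rqoon.dll is here."""
    hooks = {}
    for code, body in parse_hjt(log):
        match = DLL_PATH.search(body)
        if match and code in ("O2", "O20"):
            hooks.setdefault(match.group(1).lower(), set()).add(code)
    return sorted(path for path, codes in hooks.items() if codes == {"O2", "O20"})


def deleted_files(vundofix_log):
    """Paths that the VundoFix log reports as deleted."""
    pattern = re.compile(r"^(.+?) Has been deleted!\s*$", re.MULTILINE)
    return [m.group(1) for m in pattern.finditer(vundofix_log)]


def reversed_name_companions(dll_path, paths):
    """Heuristic (assumption): files whose base name is the DLL's base name
    reversed, the rqoon.dll / nooqr.ini relationship seen in this thread."""
    stem = ntpath.splitext(ntpath.basename(dll_path))[0].lower()
    return sorted(
        p for p in paths
        if ntpath.splitext(ntpath.basename(p))[0].lower() == stem[::-1]
    )


if __name__ == "__main__":
    for code, body in removed_entries(BEFORE, AFTER):
        print("removed:", code, body)
    for code, body in added_entries(BEFORE, AFTER):
        print("added:  ", code, body)
    for dll in multi_hook_dlls(BEFORE):
        print("O2+O20 DLL before cleanup:", dll)
        for path in reversed_name_companions(dll, deleted_files(VUNDOFIX)):
            print("  reversed-name companion deleted:", path)
    print("O2+O20 DLLs after cleanup:", multi_hook_dlls(AFTER))
```

Run against full logs, the same diff also surfaces unrelated changes between scans, such as the ewido service installed during cleanup, so each added or removed entry still needs a human read.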

#6 shelf life

  • Visiting Fellow
  • 3,191 posts

Posted 30 March 2006 - 05:33 PM

hi mk7956,

that last log looks good to me. here's some reference material for you:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software. You may be installing more than you think. Make sure you understand what it is you will be downloading and installing to your computer. Visit the maker's website, learn more about the program. Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits? Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Be careful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE?

Make sure you keep your Windows OS current by visiting Windows update occasionally to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

Adjust your browser settings: Change your (active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer, you don't have to use it. Try a different browser.
Like Firefox,

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You don't have to use it.
look here
and here
Or try Pegasus Mail, safer by default, no tweaking needed.

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download
AVG free version 7.0
AntiVir Personal Edition

Download one or two of these, install and update before using: (if these are constantly finding malware, then you need to make changes to your browser and or your habits)
CounterSpy Free trial version
Spybot Search and destroy
Ad-Aware SE Personal edition
Microsoft Windows Defender
Be careful with spyware "removers and scanners"-- there are many "rogue/suspect" programs that "claim to remove" spyware. Check here first.

AntiTrojan software to fill in the gap:
a2 free
Ewido Anti-Malware
Trojan Hunter (30 day trial version)
Tauscan trial version

Other programs to consider:
Process Guard stop events/processes with user intervention
SpywareBlaster add security to IE
IE-SPYAD adds adware peddlers sites/domains to IE restricted zone
CleanUp cleans out temps, history, autoforms etc

Learn More:
Browser Checkup
Parasite Free
Safe Hex
Shelf Lifes page
Home Computer Security
Wilders Security Advisors
How Can I Reduce My Risk?

#7 mk7956


  • New Member
  • 4 posts

Posted 06 April 2006 - 10:50 AM

Thanks a lot shelf life! My computer has been running much better without any of the pop-ups that were plaguing me. You guys do great work! I greatly appreciate you!

#8 shelf life

  • Visiting Fellow
  • 3,191 posts

Posted 20 April 2006 - 07:04 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:


The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
How Can I Reduce My Risk?
