
what to do?
#1
Posted 14 October 2007 - 10:29 AM
#2
Posted 15 October 2007 - 10:10 AM
Scanned about 2 weeks ago. Then - when somebody named Rosty wanted to help me - my PC cracked, motherboard burned.
So I lost password, etc., but not too much data. After repair, I put back the data, but possibly the malware too.
So, we start all over again.
What to do?
Scan with HijackThis, and then what??
Skater.
Hi skater,
please do a scan with HijackThis and post the log here in this topic. Then I'll take another look for you.
Regards,
Rosty.
Edited by Rosty, 15 October 2007 - 10:11 AM.
Thank you for considering a Donation to What the Tech!
#3
Posted 15 October 2007 - 12:54 PM
Hi Rosty.
Nice to have found you again.
Had forgotten my password, had to make a new account.
I'm - as you probably know already - the same as speedskater.
I've sent a mail, but didn't get my old password back yet.
Last time, just when I was about to respond - was it Saturday evening? - some hardware cracked.
Took a whole new main-board (is that the right word?) to get the system working again.
Lost some data, but most of it was in a back-up (a weekly routine), so I haven't lost too much.
But... it takes days of work to get the system back working as you want it.
Well, that's history now.
But... it seems, by the time you've put back some older data, some older infections come alive again as well!!
Here's the result of the last scan.
I'll wait for an answer.
By the way, I'd like to have an e-mail when there's a response.
It seems I currently receive them, but haven't seen one for your reply.
Do I have to change some setting??
Logfile of HijackThis v1.99.1
Scan saved at 20:39:57, on 15-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
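The log format posted above can be read mechanically. As an added example (not part of the thread, and not HijackThis's or the helper's own method), this Python script parses an excerpt of that log into sections and lists the entries a reviewer would usually open first. The review rules and all function names are assumptions made for illustration; a note means "identify this file", not "this is malware".

```python
import re
from collections import Counter

# Usual meaning of the HijackThis section codes that occur in the log above.
SECTION_MEANING = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE button or Tools menu item",
    "O11": "extra group in IE Advanced Options",
    "O20": "AppInit_DLLs value",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpt of the log posted above (rows copied from the page, list shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:39:57, on 15-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_log(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def review_notes(entries):
    """Return (code, detail, reason) for entries worth identifying by hand."""
    notes = []
    for code, detail in entries:
        if detail.endswith("(file missing)"):
            notes.append((code, detail, "target file is no longer on disk"))
        if code == "O20":
            notes.append((code, detail, "DLL is loaded into every process that loads user32.dll"))
        if re.search(r"~\d", detail):
            notes.append((code, detail, "8.3 short path hides the real folder/file name"))
        run = RUN_RE.match(detail) if code == "O4" else None
        if run:
            exe = run.group("cmd").lstrip('"')
            if not DRIVE_RE.match(exe) and not exe.startswith("%"):
                notes.append((code, detail, "no directory given, resolved through the search path"))
    return notes


def section_summary(entries):
    """Count entries per section code and attach the section's meaning."""
    counts = Counter(code for code, _ in entries)
    return {c: (n, SECTION_MEANING.get(c, "unknown section")) for c, n in counts.items()}


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print(len(procs), "processes,", len(ents), "entries")
    for code, (n, meaning) in section_summary(ents).items():
        print(f"{code:>3} x{n}  {meaning}")
    for code, detail, reason in review_notes(ents):
        print(f"[{code}] {reason}: {detail}")
```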
#4
Posted 15 October 2007 - 01:12 PM
"I'm - as you probably know already - the same as speedskater."
I had a feeling about that.

"By the way, I'd like to have an e-mail when there's a response.
It seems I currently receive them, but haven't seen one for your reply.
Do I have to change some setting??"
Do you see this under your post when you are replying to me?
Post Options
Enable emoticons?
Enable signature?
You are currently receiving email notification of replies
Your log looks clean to me.

The only thing I'm missing in your log is a firewall. Do you use one?
But let's take a look if you have reinstalled some bad stuff.
Please download DrWeb-CureIt & save it to your desktop.
Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
- Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan tab" and UNcheck "Heuristic analysis"
- Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
- Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
- When done, a message will be displayed at the bottom advising if any viruses were found.
- Click "Yes to all" if it asks if you want to cure/move the file.
- When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
- Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web CureIt when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
#5
Posted 15 October 2007 - 02:38 PM
Hi (speed)skater,
"I'm - as you probably know already - the same as speedskater."
I had a feeling about that.
"By the way, I'd like to have an e-mail when there's a response.
It seems I currently receive them, but haven't seen one for your reply.
Do I have to change some setting??"
Do you see this under your post when you are replying to me?
Post Options
Enable emoticons?
Enable signature?
You are currently receiving email notification of replies
Your log looks clean to me.
The only thing I'm missing in your log is a firewall. Do you use one?
But let's take a look if you have reinstalled some bad stuff.
Please download DrWeb-CureIt & save it to your desktop.
Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
- Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan tab" and UNcheck "Heuristic analysis"
- Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
- Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
- When done, a message will be displayed at the bottom advising if any viruses were found.
- Click "Yes to all" if it asks if you want to cure/move the file.
- When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
- Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web CureIt when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
and a new HijackThis log.
Rosty.
Yes there's a Firewall.
Eset NOD32, realtime updated.
Or is this only an antivirus??
Is there a difference between the two?
OK. It's 22.36, late in the evening.
If you don't mind, I'll download DrWeb tomorrow and then follow your instructions.
Talk to you tomorrow evening CETime.
#6
Posted 16 October 2007 - 02:34 AM
Hi skater,
Please use the add reply button instead of the quote button if you reply. You can quote some things but it's not necessary to quote the whole post.
NOD32 is only a virus scanner!! The difference between a firewall and an antivirus is: an antivirus scanner scans files and other things you receive in e-mails, and a firewall protects you from attacks from other computers and so on.
I'll see your post this evening.
Without a firewall your computer is susceptible to being hacked and taken over:
Kerio Personal Firewall OR ZoneAlarm are good FREE firewalls.
Read "Understanding and using firewalls" to learn more about using firewalls.
VERY IMPORTANT: Never install more than ONE firewall on your system! Several together can give problems and decrease their reliability and effectiveness!
#7
Posted 16 October 2007 - 11:57 AM
Here are the results of 2 scans.
1st DrWeb,
2nd Hijackthis.
PTUGW1BA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
PTUGW1BA.NQF D:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
NPMyWebS.dll D:\Program Files\Mozilla Firefox\plugins Adware.Websearch Incurable.Moved.
riched20.dll D:\Program Files\MSN Messenger Adware.Msearch Incurable.Moved.
F3HISTSW.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
F3HTMLMU.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
F3HTTPCT.DLL D:\Program Files\MyWebSearch\bar\1.bin Trojan.Isbar.438 Deleted.
F3POPSWT.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Funweb Incurable.Moved.
F3PSSAVR.SCR D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
F3RESTUB.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
F3SCRCTR.DLL D:\Program Files\MyWebSearch\bar\1.bin Trojan.DownLoader.7028 Deleted.
F3WPHOOK.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
M3IDLE.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.MWS Incurable.Moved.
M3OUTLCN.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
M3PLUGIN.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch.origin Incurable.Moved.
MWSBAR.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
MWSOEMON.EXE D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
MWSOEPLG.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
MWSOESTB.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.MWS Incurable.Moved.
NPMYWEBS.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
MWSSRCAS.DLL D:\Program Files\MyWebSearch\SrchAstt\1.bin Adware.Websearch Incurable.Moved.
A0013053.DLL D:\System Volume Information\_restore{EDAB4DD4-B2D7-40D3-B56B-6DD2BD08B7B5}\RP61 Trojan.Isbar.438 Deleted.
A0013054.DLL D:\System Volume Information\_restore{EDAB4DD4-B2D7-40D3-B56B-6DD2BD08B7B5}\RP61 Trojan.DownLoader.7028 Deleted.
f3PSSavr.scr D:\WINDOWS\system32 Adware.Msearch Incurable.Moved.
Logfile of HijackThis v1.99.1
Scan saved at 19:44:38, on 16-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Have switched on Windows Firewall, is that a sufficient one, or do I better install another one?
By the way, just read that Kerio and Eset have a joint venture now and probably will come with one package for antivirus and firewall soon.
Yes I do see 'You are currently receiving' etc., but none have appeared yet.
Also sent a message to What the Tech for retrieving my password for the other profile, had no response yet.
So what's next?
Skater
#8
Posted 16 October 2007 - 12:13 PM
Your log looks clean.

How are things running?
"Have switched on Windows Firewall, is that a sufficient one, or do I better install another one?"
For me that's OK, but I prefer one like Kerio or ZoneAlarm.
"By the way, just read that Kerio and Eset have a joint venture now and probably will come with one package for antivirus and firewall soon."
I read that too, but I don't like the all-in-one products!!
"Yes I do see 'You are currently receiving' etc., but none have appeared yet. Also sent a message to What the Tech for retrieving my password for the other profile, had no response yet."
I'll ask the admins what they can do about it.
"So what's next?"
Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide.
Edited by Rosty, 16 October 2007 - 12:14 PM.
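The Dr.Web report in post #7 and the System Restore step above fit together: two of the reported files sit inside a restore point. As an added example (not from the thread and not a Dr.Web tool), this Python script parses report rows as they appear on this page, finds the detections that live in restore points, and checks whether the same threat names also turned up in ordinary folders. The four-column layout (file name, folder, threat name, action) is assumed from the rows shown, and the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "filename directory threat action")

# System Restore snapshots live under <drive>:\System Volume Information\_restore{GUID}\RPnn
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)"
)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Rows copied from the report posted in this thread (list shortened).
SAMPLE_REPORT = r"""
PTUGW1BA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
NPMyWebS.dll D:\Program Files\Mozilla Firefox\plugins Adware.Websearch Incurable.Moved.
F3HTTPCT.DLL D:\Program Files\MyWebSearch\bar\1.bin Trojan.Isbar.438 Deleted.
F3SCRCTR.DLL D:\Program Files\MyWebSearch\bar\1.bin Trojan.DownLoader.7028 Deleted.
MWSBAR.DLL D:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
A0013053.DLL D:\System Volume Information\_restore{EDAB4DD4-B2D7-40D3-B56B-6DD2BD08B7B5}\RP61 Trojan.Isbar.438 Deleted.
A0013054.DLL D:\System Volume Information\_restore{EDAB4DD4-B2D7-40D3-B56B-6DD2BD08B7B5}\RP61 Trojan.DownLoader.7028 Deleted.
f3PSSavr.scr D:\WINDOWS\system32 Adware.Msearch Incurable.Moved.
"""


def parse_report(text):
    """Parse rows of the form '<file> <folder with spaces> <threat> <action>'."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        try:
            filename, rest = line.split(None, 1)
            # The folder may contain spaces, so peel threat and action off the right.
            directory, threat, action = rest.rsplit(None, 2)
        except ValueError:
            continue                      # blank line or not a detection row
        if DRIVE_RE.match(directory):
            detections.append(Detection(filename, directory, threat, action.rstrip(".")))
    return detections


def restore_point_hits(detections):
    """Map (drive, restore point) -> detections found inside that snapshot."""
    hits = {}
    for det in detections:
        match = RESTORE_RE.match(det.directory)
        if match:
            key = (match.group("drive").upper(), match.group("rp"))
            hits.setdefault(key, []).append(det)
    return hits


def threats_inside_and_outside(detections):
    """Threat names seen both in a restore point and in an ordinary folder."""
    inside = {d.threat for d in detections if RESTORE_RE.match(d.directory)}
    outside = {d.threat for d in detections if not RESTORE_RE.match(d.directory)}
    return sorted(inside & outside)


def quarantined(detections):
    """Files that were moved rather than deleted; they still exist in quarantine."""
    return [d for d in detections if d.action.endswith("Moved")]


def busiest_folders(detections, top=3):
    """Folders with the most detections, i.e. leftover install trees to inspect."""
    return Counter(d.directory for d in detections).most_common(top)


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for (drive, rp), found in restore_point_hits(dets).items():
        print(f"drive {drive}: restore point {rp} held {len(found)} detected file(s)")
    print("also found outside restore points:", threats_inside_and_outside(dets))
    print("moved to quarantine:", [d.filename for d in quarantined(dets)])
    print("busiest folders:", busiest_folders(dets, 1))
```

On these rows the only affected snapshot is RP61 on drive D:, which is the drive whose restore points the disable/enable step clears.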
#9
Posted 16 October 2007 - 01:17 PM
#10
Posted 16 October 2007 - 02:48 PM
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.
Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
- Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
- Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
  Go here to check for & install updates to Microsoft applications
  Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
- Keep your non-Microsoft applications updated as well
  Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
- Make Internet Explorer more secure
  Click Start > Run
  Type Inetcpl.cpl & click OK
  Click on the Security tab
  Click Reset all zones to default level
  Make sure the Internet Zone is selected & Click Custom level
  In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- Install SpywareBlaster & make sure to update it regularly
  SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
  If you don't know what ActiveX controls are, see here
  You can download SpywareBlaster from here
- Install and use Spybot Search & Destroy
  Instructions are located here
  Make sure you update, reimmunize & scan regularly
- Make use of the HOSTS file included with Spybot Search & Destroy
  Every version of Windows includes a hosts file as part of it. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
  Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
  - Run Spybot Search & Destroy
  - Click on Mode, and then place a tick next to Advanced mode
  - Click Yes
  - In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
  - Click on Add Spybot-S&D hosts list
  - Click Start > Run
  - Type services.msc & click OK
  - In the list, find the service called DNS Client & double click on it.
  - On the dropdown box, change the setting from automatic to manual.
  - Click OK & then close the Services window
- Install a-squared Free & update and scan with it regularly
  a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
  Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.
- Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Edited by Rosty, 16 October 2007 - 02:49 PM.
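The "phone book" behaviour of the hosts file described above, as an added example that is not part of the original post: this Python script reads hosts-file text, shows which names are blocked by being pointed at the local machine, and goes one step further than the post by also listing names that are mapped to some other address, which is the kind of entry a cleanup should question. The sample file is constructed (reserved `.example` names and documentation addresses), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample, not taken from the thread or from Spybot's list.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # blocked: resolves to this PC
0.0.0.0         popups.example banners.example
203.0.113.7     www.bank.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and malformed rows."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        # One row may carry several names for the same address.
        pairs.extend((ip, name.lower()) for name in fields[1:])
    return pairs


def lookup(text, hostname):
    """Phone-book lookup: the first matching row wins and DNS is never asked."""
    for ip, name in parse_hosts(text):
        if name == hostname.lower():
            return str(ip)
    return None


def classify(text):
    """Split entries into blocked names and names redirected to another host."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)                 # 127.0.0.1 / 0.0.0.0 style block entry
        else:
            redirected.append((name, str(ip)))   # name answers from a different machine
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("redirected (review these):", redirected)
    print("ads.tracker.example ->", lookup(SAMPLE_HOSTS, "ads.tracker.example"))
```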
#11
Posted 17 October 2007 - 08:10 AM
#12
Posted 17 October 2007 - 08:33 AM
I've asked LDTate what to do about your issues with e-mail notification and a new password for "speedskater".
That's what LDTate told me:
I haven't seen any request from this user to change his/her password. Both accounts look OK to me so maybe it's getting blocked by his email account.
Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php