My Hijack Log


16 replies to this topic

#1 darkerblue

    Member

  • Full Member
  • 9 posts

Posted 24 July 2004 - 06:04 PM

Would someone mind looking over this hjt log for me? I've tried to do some fixes, including AdAware, SpyBot S&D, TrojanHunter, CWShredder, Peper finder, VX2Finder. Nothing really seems to work. I'm getting Azoogleads and others like http://adv1.eblocs.c.../dmedi_002.html

If someone could offer me more advice, that would be great. THANKS! :)



Logfile of HijackThis v1.98.0
Scan saved at 5:57:06 PM, on 7/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bradley\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

#2 darkerblue

    Member

  • Full Member
  • 9 posts

Posted 24 July 2004 - 06:32 PM

My adaware log:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, July 24, 2004 6:13:03 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R333 18.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-24-2004 6:13:03 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-24-2004 10:41:05 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-24-2004 10:41:10 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-24-2004 10:41:11 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 8/29/2002 10:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-24-2004 10:41:11 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 8/29/2002 10:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-24-2004 10:41:11 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:23:57 PM
Last modified : 8/29/2002 10:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-24-2004 10:41:11 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:23:57 PM
Last modified : 8/29/2002 10:00:00 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-24-2004 10:41:14 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 8/29/2002 10:00:00 AM

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 7-24-2004 10:41:14 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 10/31/2003 3:57:53 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 7/17/2003 5:16:38 PM

#:9 [bjmcmng.exe]
FilePath : C:\Program Files\Canon\BJCard\
ThreadCreationTime : 7-24-2004 10:41:15 PM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.30
ProductVersion : 1.30
Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.
CompanyName : CANON INC.
FileDescription : Memory Card Manager
InternalName : Bjmcmng
OriginalFilename : Bjmcmng.exe
ProductName : Memory Card Utility
Created on : 10/15/2003 10:17:18 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 10/21/2002 3:36:50 PM

#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 7-24-2004 10:41:15 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 10/31/2003 3:57:39 PM
Last accessed : 7/24/2004 10:39:38 PM
Last modified : 11/15/2002 1:41:26 AM

#:11 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 7-24-2004 10:41:15 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 10/31/2003 3:49:13 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 8/14/2002 12:03:00 PM

#:12 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 7-24-2004 10:41:15 PM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 10/31/2003 3:50:22 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 8/14/2002 12:00:00 PM

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-24-2004 10:41:15 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 10:23:57 PM
Last modified : 8/29/2002 10:00:00 AM

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-24-2004 10:41:17 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/24/2004 11:08:49 PM
Last modified : 8/29/2002 10:00:00 AM

#:15 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-24-2004 10:41:22 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 10/2/2003 7:19:44 PM
Last accessed : 7/24/2004 10:41:22 PM
Last modified : 10/2/2003 7:19:44 PM

#:16 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-24-2004 10:41:23 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 8/14/2002 11:22:52 PM
Last accessed : 7/24/2004 10:41:22 PM
Last modified : 8/14/2002 11:22:52 PM

#:17 [tvmon.exe]
FilePath : C:\Program Files\Canon\BJPV\
ThreadCreationTime : 7-24-2004 10:41:23 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
Copyright : Copyright CANON INC. 2002 All Rights Reserved.
CompanyName : Canon Inc.
FileDescription : Canon Photo Viewer
InternalName : TVMon
OriginalFilename : TVMon.exe
ProductName : Canon Photo Viewer
Created on : 10/15/2003 10:16:44 PM
Last accessed : 7/24/2004 10:41:23 PM
Last modified : 1/21/2003 9:35:56 PM

#:18 [bjlaunch.exe]
FilePath : C:\Program Files\Canon\BJCard\
ThreadCreationTime : 7-24-2004 10:41:23 PM
BasePriority : Normal
FileSize : 700 KB
FileVersion : 1.30
ProductVersion : 1.30
Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.
CompanyName : CANON INC.
FileDescription : Memory Card Utility
InternalName : BJLaunch
OriginalFilename : BJLaunch.EXE
ProductName : Memory Card Utility
Created on : 10/15/2003 10:17:18 PM
Last accessed : 7/24/2004 10:41:23 PM
Last modified : 12/20/2002 7:26:04 PM

#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 7-24-2004 10:41:24 PM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 1/23/2004 4:02:33 PM
Last accessed : 7/24/2004 10:41:23 PM
Last modified : 12/2/2003 10:11:04 PM

#:20 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\
ThreadCreationTime : 7-24-2004 10:41:25 PM
BasePriority : Normal
FileSize : 740 KB
FileVersion : 6.0.0.171
ProductVersion : 6.0.0.171
Copyright : Copyright © 1999-2003 Roxio, Inc.
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
OriginalFilename : BurnCtrl.EXE
ProductName : Drag-to-Disc
Created on : 1/13/2003 4:19:26 PM
Last accessed : 7/24/2004 10:41:25 PM
Last modified : 1/13/2003 4:19:26 PM

#:21 [rxmon.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ThreadCreationTime : 7-24-2004 10:41:25 PM
BasePriority : Normal
FileSize : 248 KB
FileVersion : 1.0.100
ProductVersion : 1.0.100
Copyright : Copyright
CompanyName : Roxio, Inc.
FileDescription : Roxio AudioCentral Media Manager Tray App
InternalName : Roxio AudioCentral Media Manager Tray App
OriginalFilename : RxMon.exe
ProductName : AudioCentral Media Manager
Created on : 1/9/2003 3:21:26 PM
Last accessed : 7/24/2004 10:41:25 PM
Last modified : 1/9/2003 3:21:26 PM

#:22 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-24-2004 10:41:26 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 8.20.0107
ProductVersion : 8.20.0107
Copyright : Copyright
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 3/15/2004 5:34:03 PM
Last accessed : 7/24/2004 10:41:25 PM
Last modified : 1/26/2004 4:46:48 PM

#:23 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-24-2004 10:41:26 PM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 3/15/2004 5:34:04 PM
Last accessed : 7/24/2004 10:41:26 PM
Last modified : 1/26/2004 4:46:48 PM

#:24 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 7-24-2004 10:41:27 PM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 6/4/2004 5:38:12 PM
Last accessed : 7/24/2004 10:41:26 PM
Last modified : 6/4/2004 5:38:12 PM

#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-24-2004 10:41:27 PM
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 7/30/2003 7:17:26 AM
Last accessed : 7/24/2004 10:41:27 PM
Last modified : 7/10/2004 8:25:29 PM

#:26 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 7-24-2004 10:41:28 PM
BasePriority : Normal
FileSize : 392 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 6/4/2004 5:37:56 PM
Last accessed : 7/24/2004 10:39:45 PM
Last modified : 6/4/2004 5:37:56 PM

#:27 [playlist.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ThreadCreationTime : 7-24-2004 10:41:29 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 1.0.98
ProductVersion : 1.0.98
Copyright : Copyright
CompanyName : Roxio, Inc.
FileDescription : Roxio AudioCentral Media Manager Playlist
InternalName : Roxio AudioCentral Media Manager Playlist
OriginalFilename : PlayList.exe
ProductName : AudioCentral Media Manager
Created on : 1/9/2003 4:20:20 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 1/9/2003 4:20:20 PM

#:28 [thguard.exe]
FilePath : C:\Program Files\TrojanHunter 3.9\
ThreadCreationTime : 7-24-2004 10:41:34 PM
BasePriority : Normal
FileSize : 1042 KB
FileVersion : 3.8.0.272
ProductVersion : 1.0.0.0
Copyright : Mischel Internet Security
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
OriginalFilename : THGuard.exe
ProductName : TrojanHunter Guard
Created on : 2/25/2004 6:40:08 AM
Last accessed : 7/24/2004 10:41:38 PM
Last modified : 2/25/2004 6:40:08 AM

#:29 [cursorxp.exe]
FilePath : C:\Program Files\CursorXP\
ThreadCreationTime : 7-24-2004 10:41:35 PM
BasePriority : High
FileSize : 122 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright
FileDescription : CursorXP
InternalName : CursorXP
OriginalFilename : CursorXP.exe
ProductName : Stardock CursorXP
Created on : 11/22/2003 4:43:31 PM
Last accessed : 7/24/2004 10:41:35 PM
Last modified : 3/1/2003 10:40:20 PM

#:30 [trueweather.exe]
FilePath : C:\Program Files\Common Files\10-11 Web Alert\
ThreadCreationTime : 7-24-2004 10:41:39 PM
BasePriority : Normal
FileSize : 1226 KB
FileVersion : 1, 0, 0, 277
ProductVersion : 1, 0, 0, 277
Copyright : TrueWeather Copyright © 2001-2004
CompanyName : Digital Information Network
OriginalFilename : TrueWeather.exe
ProductName : TrueWeather
Created on : 5/17/2004 4:55:42 PM
Last accessed : 7/24/2004 10:41:56 PM
Last modified : 6/29/2004 9:10:07 PM

#:31 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-24-2004 10:41:41 PM
BasePriority : Normal
FileSize : 352 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright © 2002-2003 Javacool Software LLC
FileDescription : SpywareGuard
InternalName : sgmain
OriginalFilename : sgmain.exe
ProductName : SpywareGuard
Created on : 8/30/2003 12:05:35 AM
Last accessed : 7/24/2004 10:41:41 PM
Last modified : 8/30/2003 12:05:35 AM

#:32 [webshots.scr]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-24-2004 10:41:48 PM
BasePriority : Normal
FileSize : 1912 KB
FileVersion : 2.0.0.4324
ProductVersion : 2.0.0.4324
Copyright : Copyright © 2003
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
OriginalFilename : Webshots2.EXE
ProductName : The Webshots Desktop
Created on : 11/22/2003 5:03:14 PM
Last accessed : 7/24/2004 10:41:05 PM
Last modified : 10/30/2003 7:51:20 PM

#:33 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-24-2004 10:41:59 PM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright © 2002-2003 Javacool Software LLC.
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
OriginalFilename : sgbhp.exe
ProductName : SG Browser Hijacking Protection
Created on : 8/29/2003 4:14:56 PM
Last accessed : 7/24/2004 11:13:05 PM
Last modified : 8/29/2003 4:14:56 PM

#:34 [iexplore.exe]
FilePath : C:\Program Files\Avant Browser\
ThreadCreationTime : 7-24-2004 10:43:35 PM
BasePriority : Normal
FileSize : 675 KB
FileVersion : 9.0.2.33
ProductVersion : 9.0
CompanyName : Avant Browser
FileDescription : Avant Browser
ProductName : Avant Browser
Created on : 6/17/2004 7:21:38 AM
Last accessed : 7/24/2004 11:10:06 PM
Last modified : 6/17/2004 7:21:38 AM

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7-24-2004 11:10:28 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/10/2004 4:39:08 PM
Last accessed : 7/24/2004 11:10:28 PM
Last modified : 7/13/2003 3:00:20 AM

#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 7-24-2004 11:11:05 PM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 12:30:14 AM
Last accessed : 7/24/2004 11:09:02 PM
Last modified : 4/15/2003 12:30:14 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2 Object recognized!
Type : File
Data : a0028302.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\
FileSize : 313 KB
Created on : 7/24/2004 7:00:36 PM
Last accessed : 7/24/2004 11:25:40 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : a0028303.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\
FileSize : 313 KB
Created on : 7/24/2004 6:03:16 PM
Last accessed : 7/24/2004 11:25:40 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : a0028314.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\
FileSize : 313 KB
Created on : 7/24/2004 7:54:18 PM
Last accessed : 7/24/2004 11:25:40 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : 6fo4svc.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 313 KB
Created on : 7/24/2004 10:41:14 PM
Last accessed : 7/24/2004 10:41:14 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : aeaamon.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 313 KB
Created on : 7/24/2004 9:41:01 PM
Last accessed : 7/24/2004 11:27:31 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : agsldp.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 313 KB
Created on : 7/24/2004 8:27:44 PM
Last accessed : 7/24/2004 11:27:31 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : atlui.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 313 KB
Created on : 7/24/2004 9:50:36 PM
Last accessed : 7/24/2004 11:27:32 PM
Last modified : 7/21/2004 2:33:49 PM



VX2 Object recognized!
Type : File
Data : aylui.dll
Object : C:\WINDOWS\SYSTEM32\
FileSize : 313 KB
Created on : 7/24/2004 9:45:32 PM
Last accessed : 7/24/2004 11:27:33 PM
Last modified : 7/21/2004 2:33:49 PM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
13 entries scanned.
New objects :0
Objects found so far: 9




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 9


6:29:30 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:16:26:610
Objects scanned :174077
Objects identified :9
Objects ignored :0
New objects :9

#3 12g

    Forum Deity

  • Trusted Advisor
  • 1,167 posts

Posted 25 July 2004 - 09:49 AM

Hi there,


Please do this;

Download LSPfix Here

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of 'lspak.dll' (and nothing else), and move them to the "Remove" pane.
Then click Finish.


Next;

You are running HijackThis from your desktop. This is not a good idea, because when we do a fix HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar), like this: C:\HJT\HijackThis.exe. Then extract HijackThis into the folder you have created and run it from there. When you have done that, delete the copy of HijackThis that you have on your desktop.

Reboot, then post a fresh log

Edited by 12g, 25 July 2004 - 09:54 AM.


#4 darkerblue

    Member

  • Full Member
  • 9 posts

Posted 25 July 2004 - 10:54 AM

Popups seem to be gone (for now), but just making sure everything is checking out okay. Moved HJ and ran lspfix, deleted lspak.dll. New log:


Logfile of HijackThis v1.98.0
Scan saved at 10:51:03 AM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE



thanks again. :wave:

#5 darkerblue


Posted 25 July 2004 - 11:01 AM

deleted O1 - Hosts: 69.20.16.183 ieautosearch

#6 12g


Posted 25 July 2004 - 11:07 AM

Hi there,

Ok apart from this optional fix, and are you happy being directed to Rackspace? If so, your log is clean now. If you want me to do something about Rackspace let me know.

This is the optional fix;

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<<< These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

To provide future protection - I would advise you to download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

Both are very small free programs that you run once, and then just weekly to check for updates.

And also see
So how did I get infected in the first place?

#7 darkerblue


Posted 25 July 2004 - 01:11 PM

Ok apart from this optional fix, and are you happy being directed to Rackspace?

Still getting popups. :( Deleted O4 - Global Startup: Microsoft Office.lnk
= C:\Program Files\Microsoft Office\Office10\OSA.EXE. What do you mean by Rackspace?


Logfile of HijackThis v1.98.0
Scan saved at 1:10:06 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
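
Added example (not part of the thread, and not HijackThis code): when a helper asks for a fresh log after each fix, comparing the entry lines of two scans shows exactly what a fix removed and what has appeared since. The sketch below does that for the two scans posted so far; the function names are hypothetical and the sample text is a trimmed excerpt of the lines posted above.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section_code, details) pairs found in one log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def sort_key(entry):
    """Order by section letter, then section number, then details."""
    code, details = entry
    return (code[0], int(code[1:]), details.lower())


def diff_logs(before_text, after_text):
    """Compare two scans and return (removed, added) lists of entries."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = sorted(before - after, key=sort_key)
    added = sorted(after - before, key=sort_key)
    return removed, added


def format_diff(removed, added):
    """Render the comparison as '-' (gone) and '+' (new) lines for review."""
    lines = [f"- {code} - {details}" for code, details in removed]
    lines += [f"+ {code} - {details}" for code, details in added]
    return lines


# Trimmed excerpt of the first scan in this section (sample input for the example).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

# Trimmed excerpt of the scan saved at 1:10:06 PM on 7/25/2004.
SCAN_AFTER = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avant Browser\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
"""

if __name__ == "__main__":
    gone, new = diff_logs(SCAN_BEFORE, SCAN_AFTER)
    print("\n".join(format_diff(gone, new)))
```

Entries that show up only in the later scan are the ones to account for first; here they all point into the Avant Browser folder, which the poster later says they use.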

#8 12g


Posted 25 July 2004 - 02:01 PM

Hi there,

Don't worry about Rackspace, that was the hosts file you deleted.

Ok I would like you to fix this one, unless you know of it.

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';


O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe




Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,


C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe<<<<Folder

Reboot, then post a fresh logfile so that I can check to see if it is clean.

#9 darkerblue


Posted 25 July 2004 - 02:11 PM

that trueweather is actually a little weather alert thing i downloaded through the local weather station. i'm almost 100% positive it has no adware or anything. well, no more than weatherbug anyways. :rofl:

but i'm still getting ads like
http://ads1.revenue....id=1&r_num=4459

the ads are for spyware blocking software and stuff. kind of ironic.

i use avant browser. is that recommended??


Logfile of HijackThis v1.98.0
Scan saved at 2:09:35 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

#10 12g


Posted 26 July 2004 - 08:20 AM

that trueweather is actually a little weather alert thing i downloaded through the local weather station.  i'm almost 100% positive it has no adware or anything.  well, no more than weatherbug anyways.  :rofl:

but i'm still getting ads like
http://ads1.revenue....id=1&r_num=4459

the ads are for spyware blocking software and stuff.  kind of ironic.

i use avant browser.  is that recommended??


Hi there,

Yes, Avant is ok to use. Are you pasting the full log for me? You haven't let it ignore anything, have you? I would also suggest that we fix that TrueWeather program, but then restore it. I will show you how to do that after you answer me about the log.

#11 12g


Posted 26 July 2004 - 10:12 AM

Hi there,

From the last post leave trueweather at the moment, try this first;


Download this: http://www.downloads...g/VX2Finder.exe and run it

1-Click "Click To find Find VX2.Abetterinternet"

2-Delete all files found
You will get a message about "cannot delete this one" matching the same name in the Guardian Key.

3-Click "Open regedit" will take you right to the Guardian Key (no need to search for it)

4-Highlight "Guardian", RightClick and choose Security/permissions, you'll get another window with 'advanced'...
DE-select (uncheck) the lower box with "inheritable permissions"
Hit 'ok' and 'remove' on the following security prompts.

Restart computer.

5-On restart use VX2Finder again, select + delete the last file, click "User Agent$" will remove that entry from the registry.

6-Click "Open regedit" again, this time restoring the checkmark in "inheritable permissions"

7-Click "Guardian.reg" in VX2Finder Deletes the Guardian Key.

8-Use Find again should produce a clean log of blank values.

9-Click "Restore Policy" to restore the Debug policy altered in the look2Me installation (requires reboot to apply).

But do this first,

Sometimes, when a PC is infected a copy of the file is backed up in your System Restore (XP and ME). By default, Windows prevents System Restore from being modified by outside programs, which includes your AntiVirus program.

One of the best features of Windows XP is the System Restore option, however if a virus infects a computer with this operating system the virus can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Disabling System Restore does not delete or remove any of your personal data from your computer. The only files removed are those that System Restore created in the _RESTORE folder, the restore points.

(winXP)

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Run Adaware again, then post the log here.

System restore can be turned back on after your Adaware log has been checked.

#12 darkerblue


Posted 26 July 2004 - 10:57 AM

Turned off Restore, ran VX2, deleted files and ran other options as asked, ran adaware, found 1 regkey. Here's the adaware and HJT logs. Hopefully this works. THANKS SO MUCH FOR ALL THE HELP! :D



Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, July 26, 2004 10:37:35 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R334 24.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-26-2004 10:37:35 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-26-2004 3:36:21 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-26-2004 3:36:27 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-26-2004 3:36:27 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-26-2004 3:36:27 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-26-2004 3:36:27 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-26-2004 3:36:28 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-26-2004 3:36:30 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:36:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-26-2004 3:36:30 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:9 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 7-26-2004 3:36:30 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 10/31/2003 3:57:53 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 7/17/2003 5:16:38 PM

#:10 [bjmcmng.exe]
FilePath : C:\Program Files\Canon\BJCard\
ThreadCreationTime : 7-26-2004 3:36:31 PM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.30
ProductVersion : 1.30
Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.
CompanyName : CANON INC.
FileDescription : Memory Card Manager
InternalName : Bjmcmng
OriginalFilename : Bjmcmng.exe
ProductName : Memory Card Utility
Created on : 10/15/2003 10:17:18 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 10/21/2002 3:36:50 PM

#:11 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 7-26-2004 3:36:31 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 10/31/2003 3:57:39 PM
Last accessed : 7/26/2004 3:19:24 PM
Last modified : 11/15/2002 1:41:26 AM

#:12 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 7-26-2004 3:36:31 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright © 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 10/31/2003 3:49:13 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/14/2002 12:03:00 PM

#:13 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 7-26-2004 3:36:31 PM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 10/31/2003 3:50:22 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/14/2002 12:00:00 PM

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-26-2004 3:36:31 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2002 10:00:00 AM

#:15 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-26-2004 3:36:34 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 10/2/2003 7:19:44 PM
Last accessed : 7/26/2004 3:36:32 PM
Last modified : 10/2/2003 7:19:44 PM

#:16 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-26-2004 3:36:35 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 8/14/2002 11:22:52 PM
Last accessed : 7/26/2004 3:36:35 PM
Last modified : 8/14/2002 11:22:52 PM

#:17 [tvmon.exe]
FilePath : C:\Program Files\Canon\BJPV\
ThreadCreationTime : 7-26-2004 3:36:35 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
Copyright : Copyright CANON INC. 2002 All Rights Reserved.
CompanyName : Canon Inc.
FileDescription : Canon Photo Viewer
InternalName : TVMon
OriginalFilename : TVMon.exe
ProductName : Canon Photo Viewer
Created on : 10/15/2003 10:16:44 PM
Last accessed : 7/26/2004 3:36:35 PM
Last modified : 1/21/2003 9:35:56 PM

#:18 [bjlaunch.exe]
FilePath : C:\Program Files\Canon\BJCard\
ThreadCreationTime : 7-26-2004 3:36:35 PM
BasePriority : Normal
FileSize : 700 KB
FileVersion : 1.30
ProductVersion : 1.30
Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.
CompanyName : CANON INC.
FileDescription : Memory Card Utility
InternalName : BJLaunch
OriginalFilename : BJLaunch.EXE
ProductName : Memory Card Utility
Created on : 10/15/2003 10:17:18 PM
Last accessed : 7/26/2004 3:36:35 PM
Last modified : 12/20/2002 7:26:04 PM

#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 7-26-2004 3:36:36 PM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 1/23/2004 4:02:33 PM
Last accessed : 7/26/2004 3:36:35 PM
Last modified : 12/2/2003 10:11:04 PM

#:20 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\
ThreadCreationTime : 7-26-2004 3:36:37 PM
BasePriority : Normal
FileSize : 740 KB
FileVersion : 6.0.0.171
ProductVersion : 6.0.0.171
Copyright : Copyright © 1999-2003 Roxio, Inc.
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
OriginalFilename : BurnCtrl.EXE
ProductName : Drag-to-Disc
Created on : 1/13/2003 4:19:26 PM
Last accessed : 7/26/2004 3:36:37 PM
Last modified : 1/13/2003 4:19:26 PM

#:21 [rxmon.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ThreadCreationTime : 7-26-2004 3:36:38 PM
BasePriority : Normal
FileSize : 248 KB
FileVersion : 1.0.100
ProductVersion : 1.0.100
Copyright : Copyright
CompanyName : Roxio, Inc.
FileDescription : Roxio AudioCentral Media Manager Tray App
InternalName : Roxio AudioCentral Media Manager Tray App
OriginalFilename : RxMon.exe
ProductName : AudioCentral Media Manager
Created on : 1/9/2003 3:21:26 PM
Last accessed : 7/26/2004 3:36:37 PM
Last modified : 1/9/2003 3:21:26 PM

#:22 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-26-2004 3:36:38 PM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 8.20.0107
ProductVersion : 8.20.0107
Copyright : Copyright
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 3/15/2004 5:34:03 PM
Last accessed : 7/26/2004 3:36:38 PM
Last modified : 1/26/2004 4:46:48 PM

#:23 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-26-2004 3:36:39 PM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 3/15/2004 5:34:04 PM
Last accessed : 7/26/2004 3:36:38 PM
Last modified : 1/26/2004 4:46:48 PM

#:24 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 7-26-2004 3:36:40 PM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 6/4/2004 5:38:12 PM
Last accessed : 7/26/2004 3:36:39 PM
Last modified : 6/4/2004 5:38:12 PM

#:25 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-26-2004 3:36:40 PM
BasePriority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 7/30/2003 7:17:26 AM
Last accessed : 7/26/2004 3:36:40 PM
Last modified : 7/10/2004 8:25:29 PM

#:26 [cursorxp.exe]
FilePath : C:\Program Files\CursorXP\
ThreadCreationTime : 7-26-2004 3:36:40 PM
BasePriority : High
FileSize : 122 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright
FileDescription : CursorXP
InternalName : CursorXP
OriginalFilename : CursorXP.exe
ProductName : Stardock CursorXP
Created on : 11/22/2003 4:43:31 PM
Last accessed : 7/26/2004 3:36:40 PM
Last modified : 3/1/2003 10:40:20 PM

#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 7-26-2004 3:36:42 PM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 12:30:14 AM
Last accessed : 7/26/2004 3:15:52 PM
Last modified : 4/15/2003 12:30:14 AM

#:28 [playlist.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\
ThreadCreationTime : 7-26-2004 3:36:42 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 1.0.98
ProductVersion : 1.0.98
Copyright : Copyright
CompanyName : Roxio, Inc.
FileDescription : Roxio AudioCentral Media Manager Playlist
InternalName : Roxio AudioCentral Media Manager Playlist
OriginalFilename : PlayList.exe
ProductName : AudioCentral Media Manager
Created on : 1/9/2003 4:20:20 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 1/9/2003 4:20:20 PM

#:29 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 7-26-2004 3:36:42 PM
BasePriority : Normal
FileSize : 392 KB
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 6/4/2004 5:37:56 PM
Last accessed : 7/26/2004 3:19:28 PM
Last modified : 6/4/2004 5:37:56 PM

#:30 [trueweather.exe]
FilePath : C:\Program Files\Common Files\10-11 Web Alert\
ThreadCreationTime : 7-26-2004 3:36:44 PM
BasePriority : Normal
FileSize : 1226 KB
FileVersion : 1, 0, 0, 277
ProductVersion : 1, 0, 0, 277
Copyright : TrueWeather Copyright © 2001-2004
CompanyName : Digital Information Network
OriginalFilename : TrueWeather.exe
ProductName : TrueWeather
Created on : 5/17/2004 4:55:42 PM
Last accessed : 7/26/2004 3:36:41 PM
Last modified : 6/29/2004 9:10:07 PM

#:31 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-26-2004 3:36:46 PM
BasePriority : Normal
FileSize : 352 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright © 2002-2003 Javacool Software LLC
FileDescription : SpywareGuard
InternalName : sgmain
OriginalFilename : sgmain.exe
ProductName : SpywareGuard
Created on : 8/30/2003 12:05:35 AM
Last accessed : 7/26/2004 3:36:45 PM
Last modified : 8/30/2003 12:05:35 AM

#:32 [webshots.scr]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-26-2004 3:36:50 PM
BasePriority : Normal
FileSize : 1912 KB
FileVersion : 2.0.0.4324
ProductVersion : 2.0.0.4324
Copyright : Copyright © 2003
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
OriginalFilename : Webshots2.EXE
ProductName : The Webshots Desktop
Created on : 11/22/2003 5:03:14 PM
Last accessed : 7/26/2004 3:32:15 PM
Last modified : 10/30/2003 7:51:20 PM

#:33 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ThreadCreationTime : 7-26-2004 3:36:53 PM
BasePriority : Normal
FileSize : 228 KB
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
Copyright : Copyright © 2002-2003 Javacool Software LLC.
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
OriginalFilename : sgbhp.exe
ProductName : SG Browser Hijacking Protection
Created on : 8/29/2003 4:14:56 PM
Last accessed : 7/26/2004 3:20:30 PM
Last modified : 8/29/2003 4:14:56 PM

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7-26-2004 3:37:15 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/10/2004 4:39:08 PM
Last accessed : 7/26/2004 3:37:14 PM
Last modified : 7/13/2003 3:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
12 entries scanned.
New objects :0
Objects found so far: 1




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


10:50:56 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:13:20:875
Objects scanned :156536
Objects identified :1
Objects ignored :0
New objects :1



Logfile of HijackThis v1.98.0
Scan saved at 10:55:34 AM, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...her/local/68528
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: 10-11 Web Alert.lnk = C:\Program Files\Common Files\10-11 Web Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE



:bounce:

#13 12g

    Forum Deity

  • Trusted Advisor
  • 1,167 posts

Posted 26 July 2004 - 11:39 AM

Hi there,

That log looks a lot better. Ad-aware found 1 object; did you let it fix it?

#14 darkerblue

Posted 26 July 2004 - 11:46 AM

yep.. I let it fix it. so far, no more popups or annoying stuff happening. Will let you peeps know if it does, though! :) Thanks again for all the help. Let me know if I can buy you a drink sometime. heh

#15 12g

Posted 26 July 2004 - 11:50 AM

You are very welcome :wave: Stay clean. To help you do that, do this:

To provide protection in the future, I would advise you to download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

Both are very small free programs that you run once, and then just weekly to check for updates.

And also see "So how did I get infected in the first place?"

#16 darkerblue

Posted 26 July 2004 - 11:56 AM

downloaded both of those already as soon as it happened. a little too late though. :) oh, and do you highly recommend a firewall? I have cable connection, but no knowledge or experience with a firewall.

#17 12g

Posted 26 July 2004 - 12:00 PM

downloaded both of those already as soon as it happened. a little too late though. :) oh, and do you highly recommend a firewall? I have cable connection, but no knowledge or experience with a firewall.

I use Zone Alarm; you can get it from below my signature. It's free!!



