Antivirus sites blocked


  • This topic is locked
15 replies to this topic

#1 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 04:59 AM

Hi, I recognized some of the symptoms (not being able to get security updates) in another post, ran HijackThis, but I need some help with the .log. Is updating Windows frequently enough to avoid any contaminations in the future?

Logfile of HijackThis v1.97.7
Scan saved at 11:50:36, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Messenger Plus\MsgPlus.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\spool\WINREC~1.{64\install\as.exe
C:\WINDOWS\system32\spool\winrecycle.{645FF040-5081-101B-9F08-00AA002F954E}\ctfmon.exe
C:\PROGRA~1\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\admin\Mijn documenten\Downloaded Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031604 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Updater Service Process] svehost.exe
O4 - HKLM\..\RunServices: [Updater Service Process] svehost.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe" /WinStart
O4 - Startup: UGent.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab27571.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/t...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8116.4921296296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1

Could anyone help me please?

Edited by NRK, 17 May 2004 - 05:50 AM.


#2 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 06:29 AM

Nobody can help me? :(

#3 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 07:02 AM

Hi, I've got a Norton Professional Edition 2004 but I can't get connected to symantec to get the updates. Other anti-virus sites seem to be 'down' too. The only one that still is working and that I still can update is AVG. Also my computer is working really slow though it's almost brand new. I tried to save some space on the HD but nothing seems to work. AVG doesn't detect a single infection. What should I do now?

#4 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 07:14 AM

Hi, I've got a Norton Professional Edition 2004 but I can't get connected to symantec to get the updates. Other anti-virus sites seem to be 'down' too. The only one that still is working and that I still can update is AVG. Also my computer is working really slow though it's almost brand new. I tried to save some space on the HD but nothing seems to work. AVG doesn't detect a single infection. What should I do now?

#5 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 08:48 AM

Ok, I'm getting quite desperate here. I scanned my pc with an updated version of AVG, it gave nothing. I scanned with both AdAware and Spybot, but nothing. Now I scanned with Hijack This and I get a log and I suspect there are some things not quite ok, but I'm afraid to take action because I'm not sure. The entire system goes very slow in the meanwhile. Programs like IE and Soulseek crash from time to time and ask me if I want to send an error report. Windows explorer doesn't run smoothly either. I have a professional 2004 Norton edition but it can't update and I can't reach the symantec website to update manually. F-Secure, McAfee, ... everything is jammed, so I can't run other antivirus progs to doublecheck. I'd be thankful if someone could give me some advice *fingerscrossed*

Logfile of HijackThis v1.97.7
Scan saved at 15:38:43, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Messenger Plus\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG6\avgcc32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\WINREC~1.{64\install\as.exe
C:\WINDOWS\system32\spool\winrecycle.{645FF040-5081-101B-9F08-00AA002F954E}\ctfmon.exe
C:\PROGRA~1\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031604 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Updater Service Process] svehost.exe
O4 - HKLM\..\RunServices: [Updater Service Process] svehost.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: UGent.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab27571.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/t...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8116.4921296296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1

Edited by NRK, 17 May 2004 - 08:50 AM.


#6 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 17 May 2004 - 09:33 AM

:) Just so that you know you are not being ignored - I will handle this case for you but I need to ask for your patience while I review the log

Please keep an eye on this message for a resolution shortly.

#7 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 May 2004 - 09:36 AM

Four threads merged to here - stick to just this one please.
Hit ADD REPLY, not NEW TOPIC.

Hi PGPhantom, glad to see you helping NRK. :)

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)


#8 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 17 May 2004 - 09:49 AM

Close all programs and windows.

Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for "bpk.exe", "bpkr.exe", "bpkun.exe", "bpkvw.exe". This is a key logger running on your computer. If you find the files, click on them, and then click End Process => Exit the Task Manager.

Browse to c:\windows\system32\drivers\etc. Right click on HOSTS and select "Rename". Rename it to HOSTS.old. Click on this link MVPS HOSTS File and follow the instructions to replace your current HOSTS file.

Run HijackThis and delete the following:
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O4 - HKLM\..\Run: [Updater Service Process] svehost.exe
O4 - HKLM\..\RunServices: [Updater Service Process] svehost.exe <= These svehost.exe entries are your problem as it is a trojan that overwrites your HOSTS file

The following is optional to delete as it is a resource hog:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Please reboot into safe mode - How do I boot into "Safe" mode?

Please cleanup temporary files etc. Browse to and select all contents in the following folders (Windows may be WINNT or WIN98 etc.), and delete (Make sure to delete the sub-folders, but not the Temp folders themselves!):
  • C:\Windows\Temp (all contents)
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
  • Empty your "Recycle Bin".
  • C:\PROGRAM FILES\BPK <= Delete this directory
  • svehost.exe <= You will have to do a search for this file - It is likely in c:\windows\system32
Reboot again and log in normally, repost a new HijackThis log into this message for further review.
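
Added example, not part of the original post: a read-only check for the symptom this thread describes, a HOSTS file whose entries keep antivirus and update sites unreachable. The watch-list keywords and the sample HOSTS content are constructed for illustration; ad-blocking entries that point at a local address are deliberately not reported.

```python
import ipaddress

# Assumption: keywords for the vendors named in this thread; extend for your own tools.
WATCHED_KEYWORDS = ("symantec", "mcafee", "f-secure", "windowsupdate")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not the poster's actual HOSTS file.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample",
    "127.0.0.1   localhost",
    "127.0.0.1   ads.example.com      # ad-blocking entry, left alone",
    "127.0.0.1   www.symantec.com",
    "0.0.0.0     www.mcafee.com download.mcafee.com",
    "192.0.2.10  www.f-secure.com",
    "not-an-ip   www.symantec.com",
])


def parse_hosts(text):
    """Yield (line number, address, hostnames) for every valid mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, the resolver ignores it too
        yield lineno, addr, [name.lower() for name in fields[1:]]


def find_blocked_security_sites(text):
    """Return (line, address, hostname, kind) for watched names that are overridden."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        # Loopback or 0.0.0.0 makes the site unreachable; any other address redirects it.
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if any(keyword in name for keyword in WATCHED_KEYWORDS):
                findings.append((lineno, str(addr), name, kind))
    return findings


if __name__ == "__main__":
    for lineno, addr, name, kind in find_blocked_security_sites(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} ({kind})")
```

To check a real machine, pass the contents of c:\windows\system32\drivers\etc\HOSTS to `find_blocked_security_sites` instead of the sample.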

#9 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 11:53 AM

Thanks for the reply! I did the things you said, I didn't find an svehost.exe though. The only thing near to that name was svchost.exe in windows/system32. Also I couldn't erase some files in my temporary internet files. Here's the logfile:

Logfile of HijackThis v1.97.7
Scan saved at 18:50:55, on 17/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Messenger Plus\MsgPlus.exe
C:\Program Files\AVG6\avgcc32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\WINREC~1.{64\install\as.exe
C:\WINDOWS\system32\spool\winrecycle.{645FF040-5081-101B-9F08-00AA002F954E}\ctfmon.exe
C:\PROGRA~1\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031604 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: UGent.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab27571.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/t...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8116.4921296296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{08540255-AD7C-4A3F-9748-E2B05F7E845D}: NameServer = 157.193.40.42 157.193.71.1

#10 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 17 May 2004 - 12:12 PM

The only one that still has to be deleted from HijackThis is:
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

Are you still having problems?

I should mention DO NOT delete c:\windows\system32\svchost.exe as it is a vital system file.

Edited by PGPhantom, 17 May 2004 - 12:14 PM.
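
Added example, not part of the original posts: a small triage pass over HijackThis O4 and O16 lines that reports the two patterns this thread ended up removing, an autostart entry whose file name is one character away from a Windows system process (svehost.exe next to svchost.exe) and a DPF entry whose codebase is a local file. The sample lines are an excerpt of the logs posted above; the reference name list and the one-character threshold are assumptions.

```python
import re

# Assumption: reference names taken from the "Running processes" lists in this thread.
SYSTEM_NAMES = ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe")

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<label>.*?)\))? - (?P<src>\S.*)$")
EXE_RE = re.compile(r'([^\\/"]+?\.exe)\b', re.IGNORECASE)  # first *.exe file name

# Excerpt of the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Updater Service Process] svehost.exe
O4 - HKLM\..\RunServices: [Updater Service Process] svehost.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe_name, max_distance=1):
    """Return the system name that exe_name imitates, or None (exact matches pass)."""
    name = exe_name.lower()
    if name in SYSTEM_NAMES:
        return None
    for ref in SYSTEM_NAMES:
        if edit_distance(name, ref) <= max_distance:
            return ref
    return None


def triage(log_text):
    """Return (section, location, item, reason) for each line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.search(m["cmd"])
            ref = lookalike_of(exe.group(1).strip()) if exe else None
            if ref:
                findings.append(("O4", m["where"], exe.group(1).strip(),
                                 "name resembles " + ref))
            continue
        m = O16_RE.match(line)
        if m and m["src"].lower().startswith("file://"):
            findings.append(("O16", m["clsid"], m["src"], "codebase is a local file"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The check compares file names only, so the genuine c:\windows\system32\svchost.exe is never reported, and a finding is a prompt for review rather than a verdict.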


#11 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 12:47 PM

Runs better now and I was able to update the virus definitions. Thanks for helping me out! I'll add this site to the favourites B)

#12 internetXman

internetXman

    InternetXman

  • Full Member
  • Pip
  • 27 posts

Posted 17 May 2004 - 12:54 PM

suggest getting spybot, adaware, spywareblaster, and antivirus
Protecting yourself
What can you do to protect yourself? Install a firewall. A firewall will prevent outsiders from installing adware on your PC without you knowing about it. Some good firewalls are below:
ZoneAlarm
Sygate Personal Firewall
Also, be sure to run Ad-aware, and Spybot once a month or so. If your PC starts to run funny, the first thing I do is run both of those programs. Also, be smart, if you're downloading from Kazaa, then there is a good chance you will get infected. Another easy way to get infected is to use Internet Explorer. Many sites automatically install junk just by visiting them if you are using IE. I recommend using Mozilla Firefox.

Help! Can't download or run any anti-virus software.
Go to C:\WINDOWS\system32\drivers\etc then open the file named "hosts" with Notepad.
Delete all lines except a line like: 127.0.0.0 localhost, then close and save changes.
THE DELETED ENTRIES WERE NOT ALLOWING YOU TO ACCESS ANTIVIRUS WEBSITES

Edited by internetXman, 17 May 2004 - 01:00 PM.

InternetXman

#13 NRK

NRK

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 17 May 2004 - 01:17 PM

Some questions:

I'd like to get Mozilla Firefox, but what do I do with favourites? Can I keep those one way or another?

If I get me a firewall, will people still be able to download from me etc. because I've heard of lots of trouble with firewalls and P2P etc.

Is it true that Windows XP has an integrated firewall? Is it any good?

According to you people, what's the best free virusscanner? I've already got AVG and Norton 2004 pro.

#14 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 17 May 2004 - 01:46 PM

internetXman - Please DO NOT respond with advice into message where other people are already helping - You will only serve to confuse.

As a final step, after we have everything in the clear I suggest the following:
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:
Spywareblaster
Spywareguard

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at:
IE/Spyad

On a regular basis - Use Ad-Aware to check your system for any and all infections => How to use Ad-Aware to remove Spyware

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

#15 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 17 May 2004 - 07:31 PM

My apologies - I forgot about your questions :o

I'd like to get Mozilla Firefox, but what do I do with favourites? Can I keep those one way or another?

Firefox will import your IE favorites, no problem.

If I get me a firewall, will people still be able to download from me etc. because I've heard of lots of trouble with firewalls and P2P etc.

Firewalls are definitely a "Requirement" especially when people are downloading from you. You will just have to configure a few rules to allow the specific communications. You can use some of the free ones again but I find most, if not all, very limiting. My preference is to pay for something like Norton firewall as they have pretty much everything already set up and it is a breeze to add new rules.

According to you people, what's the best free virusscanner? I've already got AVG and Norton 2004 pro

The answer to this is purely subjective. Personally, I would rather pay for Norton Anti-virus but your question is on "Free" scanners. My signature contains a few links - You may want to check on them as they are quite good and fill all needs.

#16 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 04 October 2004 - 02:08 AM

Due to no response, I am closing this thread.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



