1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TOPSECURITYSITE.NET??

Discussion in 'Windows - Virus and spyware problems' started by NatashaK, Jun 10, 2006.

  1. aabbccdd

    aabbccdd Guest

    JaPK , if we want to switch to firefox should we uninstall IE ,or can you use both
     
  2. Percheron

    Percheron Member

    Joined:
    Jul 1, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Sorry for the trouble, any help would be greatly appreciated..

    Logfile of HijackThis v1.99.1
    Scan saved at 5:44:18 PM, on 01/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zelkpwc\Cvlj.exe
    C:\PROGRA~1\Yaplock\YaplockTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\System32\lexpps.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\System32\users32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Documents and Settings\Steve\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
    O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\System32\adobepnl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.10.exe"
    O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Eqqyb] C:\Program Files\Zelkpwc\Cvlj.exe
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\Yaplock\YaplockTray.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=070306 serial=wa12wrx-0000002-hmd lang=EN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
    O4 - HKLM\..\Run: [dmbaq.exe] C:\WINDOWS\System32\dmbaq.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?582d39ae4724cc2bf77ae4e6f71ff3
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?582d39ae4724cc2bf77ae4e6f71ff3
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102877623344
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EAA98BA5-2403-4994-9E46-1B04C83896CA}: NameServer = 85.255.114.86,85.255.112.228
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE13A2C2-91F7-46F6-B88B-7B6BD8439104}: NameServer = 85.255.114.86,85.255.112.228
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




    SmitFraudFix v2.65

    Scan done at 17:45:00.13, 01/07/2006
    Run from C:\Documents and Settings\Steve\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\alexaie.dll FOUND !
    C:\WINDOWS\alxie328.dll FOUND !
    C:\WINDOWS\alxtb1.dll FOUND !
    C:\WINDOWS\about_spyware_bg.gif FOUND !
    C:\WINDOWS\about_spyware_bottom.gif FOUND !
    C:\WINDOWS\as.gif FOUND !
    C:\WINDOWS\as_header.gif FOUND !
    C:\WINDOWS\bg.gif FOUND !
    C:\WINDOWS\box_1.gif FOUND !
    C:\WINDOWS\box_2.gif FOUND !
    C:\WINDOWS\box_3.gif FOUND !
    C:\WINDOWS\BTGrab.dll FOUND !
    C:\WINDOWS\button_buynow.gif FOUND !
    C:\WINDOWS\button_freescan.gif FOUND !
    C:\WINDOWS\close-bar.gif FOUND !
    C:\WINDOWS\dlmax.dll FOUND !
    C:\WINDOWS\download_box.gif FOUND !
    C:\WINDOWS\features.gif FOUND !
    C:\WINDOWS\footer_back.gif FOUND !
    C:\WINDOWS\footer_back.jpg FOUND !
    C:\WINDOWS\header_1.gif FOUND !
    C:\WINDOWS\header_2.gif FOUND !
    C:\WINDOWS\header_3.gif FOUND !
    C:\WINDOWS\header_4.gif FOUND !
    C:\WINDOWS\infected.gif FOUND !
    C:\WINDOWS\main_back.gif FOUND !
    C:\WINDOWS\Pynix.dll FOUND !
    C:\WINDOWS\rf.gif FOUND !
    C:\WINDOWS\rf_header.gif FOUND !
    C:\WINDOWS\scan_btn.gif FOUND !
    C:\WINDOWS\security-center-bg.gif FOUND !
    C:\WINDOWS\security-center-logo.gif FOUND !
    C:\WINDOWS\security_center_caption.gif FOUND !
    C:\WINDOWS\sep_hor.gif FOUND !
    C:\WINDOWS\sep_vert.gif FOUND !
    C:\WINDOWS\spacer.gif FOUND !
    C:\WINDOWS\spyware-detected.gif FOUND !
    C:\WINDOWS\star.gif FOUND !
    C:\WINDOWS\star_gray.gif FOUND !
    C:\WINDOWS\star_gray_small.gif FOUND !
    C:\WINDOWS\star_small.gif FOUND !
    C:\WINDOWS\susp.exe FOUND !
    C:\WINDOWS\ts.gif FOUND !
    C:\WINDOWS\ts_header.gif FOUND !
    C:\WINDOWS\v.gif FOUND !
    C:\WINDOWS\warning_icon.gif FOUND !
    C:\WINDOWS\warning-bar-ico.gif FOUND !
    C:\WINDOWS\win_logo.gif FOUND !
    C:\WINDOWS\x.gif FOUND !
    C:\WINDOWS\ZServ.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\a.exe FOUND !
    C:\WINDOWS\system32\adobepnl.dll FOUND !
    C:\WINDOWS\system32\alxres.dll FOUND !
    C:\WINDOWS\system32\bridge.dll FOUND !
    C:\WINDOWS\system32\dailytoolbar.dll FOUND !
    C:\WINDOWS\system32\jao.dll FOUND !
    C:\WINDOWS\system32\qjrkvy.exe FOUND !
    C:\WINDOWS\system32\questmod.dll FOUND !
    C:\WINDOWS\system32\runsrv32.dll FOUND !
    C:\WINDOWS\system32\runsrv32.exe FOUND !
    C:\WINDOWS\system32\tcpservice2.exe FOUND !
    C:\WINDOWS\system32\thlwin32.dll FOUND !
    C:\WINDOWS\system32\txfdb32.dll FOUND !
    C:\WINDOWS\system32\udpmod.dll FOUND !
    C:\WINDOWS\system32\users32.exe FOUND !
    C:\WINDOWS\system32\winbl32.dll FOUND !
    C:\WINDOWS\system32\winflash.dll FOUND !
    C:\WINDOWS\system32\winsrv32.exe FOUND !
    C:\WINDOWS\system32\wstart.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steve\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Steve\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Please help :eek:) Thanks!!
     
  3. blondman

    blondman Member

    Joined:
    Jun 17, 2006
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    I started using Firefox a few days ago after you first suggested it, which works fine. I've since noticed other problems with my computer, since it was first "taken over" by the malware,even though it is now "clean", it's now really slow, (P4 3.06GHz), and I'm getting strange "out of memory" errors, and "device is being used by another appliction" etc, even though I've got nothing else running in the background or otherwise! I guess it's time to bite the bullet and do a complete format and re-install, I've never done that before, I didn't get a Win XP disc when I first bought my computer, I'm not sure of the best way to go about it?
     
  4. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @aabbccdd
    There is no need for uninstalling IE. You can use them both at the same time, infact, uninstalling IE is not recommended, it can cause all kinds of problems...

    @blondman
    So you have no Win XP install cds or Restore discs ?

    @Percheron

    Ok, you got some infections on your computer....

    You don't have an antivirus on your computer. Download and install one.

    These are good (free) antiviruses:
    AVG Antivirus --> http://www.grisoft.com
    Avast --> http://www.avast.com

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program, we'll use this later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Go to Control Panel -> Add/Remove programs -> Remove BetterInternet, SpySpotter3, Zango if found

    Download fixwareout.exe to your desktop http://downloads.subratam.org/Fixwareout.exe
    Doubleclick it and follow instructions. Click Next , Install and make sure that Run fixes is selected. You have to restart your computer when asked so.

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
    O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\System32\adobepnl.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
    O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.10.exe"
    O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
    O4 - HKLM\..\Run: [Eqqyb] C:\Program Files\Zelkpwc\Cvlj.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
    O4 - HKLM\..\Run: [dmbaq.exe] C:\WINDOWS\System32\dmbaq.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EAA98BA5-2403-4994-9E46-1B04C83896CA}: NameServer = 85.255.114.86,85.255.112.228
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE13A2C2-91F7-46F6-B88B-7B6BD8439104}: NameServer = 85.255.114.86,85.255.112.228

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\Zango Messenger
    C:\Program Files\SpySpotter3
    C:\Program Files\Zelkpwc
    C:\Program Files\BetterInternet

    Delete these files (if found):
    C:\WINDOWS\System32\adobepnl.dll
    C:\WINDOWS\System32\requester.10.exe
    C:\WINDOWS\System32\runsrv32.exe
    C:\WINDOWS\System32\susp.exe
    C:\WINDOWS\System32\dmbaq.exe

    Run ATF Cleaner -> Check select all -> Press Empty selected

    When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
    A textfile will appear after the cleaning process, copy this file and paste it to here.

    Tha log is saved to your local diskdrive, usually C:\rapport.txt.

    Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.

    -> When the scan has completed:
    -> If infections were found you'll be prompted about what to do.
    -> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
    -> Then press Apply all actions and answer yes to all if it asks about something
    -> Click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of c:\fixwareout\report.txt
    -> contents of C:\rapport.txt
     
  5. blondman

    blondman Member

    Joined:
    Jun 17, 2006
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    No, when I bought my computer it didn't come with any Win XP CD's or restore discs, I bought it new at a reputable computer store, (CentreCom)with XP Pro already installed, but too late to complain three years later!I guess I could buy XP Home or XP pro at a local shopping centre, I'm running XP Pro at the moment, but don't think I need pro over home edition, given the extra cost of XP Pro. What are your thoughts?
     
  6. aabbccdd

    aabbccdd Guest

    depending what your ding the home verison if fine if your doing alot of networking then pro is the way to go ,i think office depot had XP home for 39 dollar with a rebate last week, you might check there add and see if its still on or on the web
     

Share This Page