Hijack Log (Please review)

Discussion in 'adware, spyware & hijack cleaning' started by luvencl, Jun 16, 2004.

Thread Status:
Not open for further replies.
  1. luvencl

    luvencl Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    3
    Hope this is the correct place to post..
    Please review and reply with your opinion.

    I have cleaned up, but I think there still might be a few left..

    Logfile of HijackThis v1.97.7
    Scan saved at 7:20:03 PM, on 6/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cingular\VPN Client\cvpnd.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MailFrontier\mlfbuddy.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
    C:\Program Files\ATI Multimedia\main\ATIMMC.exe
    C:\WINDOWS\System32\DllHost.exe
    C:\WINDOWS\System32\SNDVOL32.EXE
    C:\Program Files\RadioManager\DRSRadioStreamer.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\lv\Desktop\CWShredder.exe
    C:\WINDOWS\System32\notepad.exe
    C:\downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.bscc.bls.com/proxy.pac
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Trace (HKLM)
    O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://serge.bscc.bls.com/download/CfxIEAx.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4B824B7C-EDE2-4335-819E-98D88FFBCE13} (Cingular.DatePicker) - http://serge.bscc.bls.com/ActiveX/DatePicker/CingularDatePicker.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f36f281caa8bf06/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.3205324074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
     
  2. CalamityJane

    CalamityJane Registered Member

    Joined:
    Sep 29, 2002
    Posts:
    126
    Location:
    Central Florida
    Hi luvencl

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f3...ip/RdxIE601.cab
    ................................
    Reboot your PC

    Delete the following named in bold (if found, a prior cleaning step may have already removed them):

    C:\Windows\System32\wsaupdater.exe

    C:\WINDOWS\System32\toolbar.dll

    Additionally, since you had the Isearch infection, it may have compromised your hosts file to block security sites. Please do a search on your PC for a file named: hosts (you want the one with no extension)

    It is located in the folder listed for your Operating System:

    Windows 95/98/ME c:\windows directory

    Windows NT4/2000/XP/2003 c:\winnt\system32\drivers\etc directory.

    Please open it up - you will need to choose a program to open it with (use Open with Notepad or Wordpad) and look at the entries inside. If you did not place them there yourself, please delete them (just the bad entries - not the hosts file). Most *bad* entries begin with: O1 - Hosts: 127.0.0.* (where * can be any number) and then a name of a site

    The list may look something like this:

    If you are not sure what to do, please feel free to post your list in this thread and someone will be glad to assist you

    You should then be able to access the sites that you were previously being blocked from.
    .............................................................
    There is also a program available to reset your Hosts file to the default used by Windows. Please note that this instruction will replace any entries in that file - so if you have added entries yourself to the Hosts file, you will need to add them back after resetting your Hosts file with this method.

    Download Hoster from here:
    http://members.aol.com/toadbee/hoster.zip
    Unzip, install the program and run it.
    Press *Restore Original Hosts* and press *OK*
    Exit the program, and you should now be able to access the sites you need.
    ..............................
    Ok! Now, please scan once more with HijackThis and post a fresh log please to see if anything else needs to be done :)
     
  3. luvencl

    luvencl Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    3
    Thanks so much for all your great help!!
    I have cleaned up..
    The host file contains:

    127.0.0.1 and.doxdesk.com
    127.0.0.10 eblocs.com
    127.0.0.11 enigmasoftwaregroup.com
    127.0.0.12 forum.aumha.org
    127.0.0.13 free-spyware-scan.com
    127.0.0.14 free-web-browsers.com
    127.0.0.16 grisoft.com
    127.0.0.17 hackfaq.org
    127.0.0.18 hazeleger.net
    127.0.0.19 javacoolsoftware.com
    127.0.0.100 www.spyware-cop.com
    127.0.0.102 www.spywarenuker.com
    127.0.0.103 www.spywareremove.com
    127.0.0.104 www.spywareremove.com
    127.0.0.105 www.stopzillapro.com
    127.0.0.107 www.thiefware.com
    127.0.0.109 www.unwantedlinks.com
    127.0.0.110 www.webattack.com

    Shall I delete all?
    I notice that I am missing the local host entry?
     
  4. luvencl

    luvencl Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    3
    Logfile of HijackThis v1.97.7
    Scan saved at 5:06:53 AM, on 6/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cingular\VPN Client\cvpnd.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\PROGRA~1\NavNT\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MailFrontier\mlfbuddy.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\RadioManager\DRSRadioStreamer.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.bscc.bls.com/proxy.pac
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Trace (HKLM)
    O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://serge.bscc.bls.com/download/CfxIEAx.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4B824B7C-EDE2-4335-819E-98D88FFBCE13} (Cingular.DatePicker) - http://serge.bscc.bls.com/ActiveX/DatePicker/CingularDatePicker.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f36f281caa8bf06/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.3205324074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Those entries are blocking you from visiting security related sites, updating security programs, etc. so please do as CalamityJane advised.

    Your last log looks OK although I'm not very fond of SpyHunter. Having it may give you a false sense of security.

    Please read: Why did I get infected in the first place

    Regards,

    Pieter
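
The hosts-file review discussed in this thread, as an added example that is not part of any poster's message: a Python check that lists entries pointing a site name at a loopback address and reports whether the localhost entry is present. The function names are hypothetical; three sample lines are taken from the hosts file posted above and the rest are constructed.

```python
import ipaddress

# Names that normally map to loopback in a default hosts file.
LOOPBACK_OK = {"localhost", "localhost.localdomain"}

# Three entries from the hosts file posted in this thread, plus a
# constructed comment line and a constructed non-loopback entry.
SAMPLE = """\
# constructed comment line
127.0.0.1 and.doxdesk.com
127.0.0.16 grisoft.com
127.0.0.100 www.spyware-cop.com
192.0.2.10 intranet.example  # constructed, non-loopback
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active entry.

    Comments, blank lines and lines without a valid IP address are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield line_no, ip, [name.lower() for name in fields[1:]]


def suspicious_entries(text):
    """Return (line_no, ip, hostname) for names sent to loopback or 0.0.0.0.

    A finding means "review this line": a blocklist the user added
    deliberately looks the same, so only entries the user did not place
    there should be deleted.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in LOOPBACK_OK:
                findings.append((line_no, str(ip), name))
    return findings


def has_localhost(text):
    """True if some loopback entry still names localhost."""
    return any(ip.is_loopback and "localhost" in names
               for _, ip, names in parse_hosts(text))


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
    print("localhost entry present:", has_localhost(SAMPLE))
```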
     
  6. CalamityJane

    CalamityJane Registered Member

    Joined:
    Sep 29, 2002
    Posts:
    126
    Location:
    Central Florida
    You can use that step to fix your Hosts file back to the default used by Windows. It will get rid of the bad entries and restore the file as it should be.
    ....................................
    And I agree with Pieter about SpyHunter (get rid of it)...Spybot and Ad-aware are much better and both are FREE. (Thanks for catching that, Pieter!)

    Now that your PC is clean, you'll need to reset your restore points in Windows XP.....why? One of the best features of Windows ME or XP is the System Restore option, however if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    How to Turn On and Turn Off System Restore in Windows XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
    ....................................
    Lastly, please do follow the recommendations in Pieter's link for preventing future infections.

    I also recommend this free tool from Microsoft to evaluate and tighten up your System and IE security.

    Get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

    MBSA Version 1.2 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
    Microsoft Baseline Security Analyzer
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx
     