'Redirected Hostile Entry'


Hello Boz,

Raid had to take care of some other matters so I will be taking over for him.

Please give me some time to review your logs and post back any logs or other information that Raid may have requested.

Everything is posted, except a .zip attachment that I had to rename a .dat and send by email because I could not upload.

Thank you for your help.

Okay the program has been updated.

Start MB and go to the UPDATE tab and update the program. Then go to the Scanner tab and run a Quick Scan

After it's done reboot your computer.

Run HJT and do a Scan only and then post back the new MB and HJT logs.

.

.......as requested MB and HJT logs follow:

MB:

Malwarebytes' Anti-Malware 1.28

Database version: 1211

Windows 5.1.2600 Service Pack 3

9/26/2008 5:44:42 PM

mbam-log-2008-09-26 (17-44-42).txt

Scan type: Quick Scan

Objects scanned: 52648

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****************************************

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:03:07 PM, on 9/26/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\CallCentral\CallCentral.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe

C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191179581135

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9668 bytes


Okay, overall the logs look pretty good. How is the computer working? Anything that leads you to believe the system is still infected?

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 7 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE, etc.).
  • Browse to C:\Program Files\Java and remove the JAVA folder.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Come back and let me know how things are going.

OK, I updated JAVA w/ no problems. Thank you for noticing it.

I have cleaned up a lot of viruses, trojans, etc. from my computer recently. However I still suspect something is wrong. My machine sometimes slows to a crawl, and a lot of security programs keep encountering problems... repeatedly.

I first noticed trouble when one day I couldn't reach Norton360 anymore, so I removed it and replaced it with Avast and ZoneAlarm. SiteAdvisor also stops working. I uninstall and reinstall it. It'll work for a couple of days and stops again. I discover my Spyware Doctor (activated in startup) 'disconnected' sometimes. I exit and start again. My Anonymizer (also activated in startup) refuses to come on, w/ a msg. of: "Anonymizer Software has encountered a problem and needs to close." I have uninstalled and reinstalled it a couple of times already.

What do you think ?


Well it could just be a mixture of too many installs, uninstalls, and compatibility issues.

I'm hesitant to spend too much time in the Malware removal forum on this as it really doesn't seem like Malware, but it could be.

STEP 1

Please turn off, disable all the programs that perform blocking activity and run the following routines.

Download CCleaner from here to clean temp files from your computer.

  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings, except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Registry" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Registry and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.

STEP 2

Disable Spyware Doctor until the computer is clean

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor
  • Reboot your computer

Don't forget to re-enable it, when your computer is clean.

STEP 3

Disable Avast Anti-Virus

Since you have Avast Anti-Virus installed on your computer, before you run a scan with Combofix, please do the following.
  • Launch Avast Anti-Virus
  • Click Menu > Settings > Troubleshooting
  • Check Disable Avast self defence module then click OK
  • Exit out of Avast Anti-Virus.

Note: Failure to do so will likely cause BSOD (Blue Screen of Death) problems with your computer when Combofix tries to stop Avast running.

STEP 4

Download and Run ComboFix

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

  • Download this file from one of the three below listed places and save it on your DESKTOP:

    For IMPORTANT information regarding this download, please visit this webpage and read about it before using it.

    bleepingcomputer.com/combofix/how-to-use-combofix

    You can download the program from one of these links:
    1. ComboFix.exe
    2. ComboFix.exe
    3. ComboFix.exe

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Then double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end

STEP 5

Run HJT again and do a Scan and save the log

STEP 6

Post the logs from ComboFix and HJT back here and we'll take a look and see if we can find anything suspicious on your system.

.

Thank you for your detailed instructions.

I was away, and now I am ready to do the routine you suggest. I know this may sound a little stupid, but I don't want to take the risk of getting online 'naked'. I want to confirm the exact order of the steps, especially the disabling and re-enabling of the different components.

Should I disable everything (ZA, Spyware Doctor, and Avast) before I start the whole process ?..or

should I first disable ZoneAlarm only

then dwnld and run CCleaner

then (?) disable Spyware Doctor (or disable it before I run CCleaner ?)

.....BTW, there is no 'Pick a Category' or 'Startup Settings' under settings, how about if I just .....uncheck it in MSconfig startup and reboot ?

then, re-enable it ?

then, disable Avast

then, dwnld and run ComboFix

then, run HJT

then re-enable ZA and Avast and post ComboFix and HJT logs?

Thank you for your patience.


Very sorry for the delay, the site has been overburdened with traffic lately.

I would download the required tools, then update MB one more time, then disconnect your network cable and try to finish up the process. Once done re-enable your applications and then hook up your network connection again and post back the results.

Hi Boz,

Please post a status update.

Thanks

Thanks for the follow up.

I haven't had a chance to run the programs yesterday. I am about to leave now. But I'm planning to do my 'homework' this evening. I'll post as soon as I have the logs.

Okay, please post soon and don't install applications or use the computer for general use until we finish cleaning it up otherwise you could get it more infected during the cleanup process.

I followed your instructions and I have a couple of observations/questions.

(1) I seem to have lost the 'Run' function button in 'Start'... how do I get it back ?

(2) IE seems to have taken over as my default browser and installed a new (I already had one) short cut on my desktop

(3) Spyware Doctor detected 88 infections (nothing too serious) when I restarted it. I let it fix them.

Following are the logs:

Combofix

ComboFix 08-09-30.03 - Basil 2008-10-02 7:02:05.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1547 [GMT -5:00]

Running from: C:\Documents and Settings\Basil\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Basil\Cookies\basil@symantec[1].txt

C:\WINDOWS\Downloaded Program Files\ODCTOOLS

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))

.

2008-09-30 18:24 . 2008-09-30 18:24 <DIR> d-------- C:\Program Files\CCleaner

2008-09-26 22:58 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-26 22:57 . 2008-09-26 22:58 <DIR> d-------- C:\Program Files\Java

2008-09-26 22:57 . 2008-09-26 22:57 <DIR> d-------- C:\Program Files\Common Files\Java

2008-09-24 14:46 . 2008-09-24 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-24 14:45 . 2008-09-24 14:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-24 14:01 . 2008-09-24 14:01 <DIR> d-------- C:\Program Files\VS Revo Group

2008-09-24 07:49 . 2008-09-24 07:49 <DIR> d-------- C:\Program Files\Common Files\McAfee

2008-09-24 07:48 . 2008-09-24 09:48 <DIR> d-------- C:\Program Files\McAfee

2008-09-23 10:45 . 2008-09-23 10:45 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\Anonymizer

2008-09-23 10:43 . 2008-09-23 10:43 <DIR> d-------- C:\Program Files\Anonymizer

2008-09-23 10:43 . 2008-09-23 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer

2008-09-23 10:43 . 2008-09-23 10:44 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}

2008-09-19 16:27 . 2008-09-19 16:27 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\Windows Search

2008-09-19 15:53 . 2008-09-19 15:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-09-19 15:53 . 2008-09-19 15:53 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\Windows Desktop Search

2008-09-19 15:52 . 2008-09-19 15:52 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-09-19 15:52 . 2008-09-19 15:52 <DIR> d-------- C:\Program Files\Windows Desktop Search

2008-09-19 15:51 . 2008-03-07 12:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-09-19 15:51 . 2008-03-07 12:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-09-19 15:51 . 2008-03-07 12:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll

2008-09-19 13:29 . 2008-09-19 13:33 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\OfficeUpdate12

2008-09-19 13:28 . 2008-09-19 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-09-18 11:34 . 2008-09-18 11:34 <DIR> d-------- C:\Program Files\Panda Security

2008-09-18 11:34 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-09-18 10:38 . 2008-09-18 10:38 <DIR> d-------- C:\Program Files\Trend Micro

2008-09-18 09:41 . 2008-09-18 09:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-18 09:41 . 2008-09-18 09:41 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\Malwarebytes

2008-09-18 09:41 . 2008-09-18 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-18 09:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-18 09:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-17 17:34 . 2008-09-17 17:34 <DIR> d-------- C:\Program Files\Windows Defender

2008-09-17 16:27 . 2008-09-17 16:27 <DIR> d-------- C:\Program Files\ZoneAlarmSB

2008-09-17 16:26 . 2008-09-17 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-09-17 14:04 . 2008-09-17 14:04 <DIR> d-------- C:\Program Files\Alwil Software

2008-09-17 10:33 . 2008-09-17 10:33 <DIR> d-------- C:\hp

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Program Files\gs

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Program Files\G7PS

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Program Files\Common Files\G7PS

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\G7PS

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VJEcoDBSetup

2008-09-14 11:30 . 2008-09-14 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\G7PS

2008-09-14 11:26 . 2008-09-16 20:42 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}

2008-09-14 11:26 . 2008-09-14 11:27 <DIR> d-------- C:\Program Files\VersaJette M300

2008-09-08 22:43 . 2008-09-08 22:43 <DIR> d-------- C:\Documents and Settings\Basil\Application Data\McAfee

2008-09-08 22:07 . 2008-09-08 22:07 84 --a------ C:\WINDOWS\wininit.ini

2008-09-07 07:10 . 2008-09-07 07:10 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\IEPro

2008-09-06 08:02 . 2008-09-06 08:03 <DIR> d-------- C:\WINDOWS\system32\URTTemp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-02 12:08 5,763,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-02 12:05 78,164 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-02 12:05 241,152 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-10-02 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-02 11:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-10-02 11:13 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-10-01 11:09 --------- d-----w C:\Program Files\Spyware Doctor

2008-09-26 23:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore

2008-09-24 19:46 --------- d-----w C:\Program Files\Lavasoft

2008-09-24 15:02 --------- d-----w C:\Documents and Settings\Basil\Application Data\skypePM

2008-09-24 15:02 --------- d-----w C:\Documents and Settings\Basil\Application Data\Skype

2008-09-24 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-09-21 14:07 --------- d-----w C:\Documents and Settings\Basil\Application Data\SiteAdvisor

2008-09-17 21:25 --------- d-----w C:\Program Files\Zone Labs

2008-09-17 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-17 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-09-14 16:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-11 23:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-09-09 03:59 --------- d-----w C:\Documents and Settings\Basil\Application Data\MiniDm

2008-08-31 12:12 --------- d-----w C:\Program Files\Windows Installer Clean Up

2008-08-31 12:10 --------- d-----w C:\Program Files\MSECache

2008-08-25 19:31 524,288 ----a-w C:\WINDOWS\opuc.dll

2008-08-25 16:36 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-25 16:36 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-25 16:36 40,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-07-09 14:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe

2008-01-16 00:42 56,912 ------w C:\Documents and Settings\Basil\g2mdlhlpx.exe

2008-01-04 00:04 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-03-05 15:41 532,992 ----a-w C:\Program Files\OEView.exe

2007-02-16 17:45 2,790 ----a-w C:\Program Files\OEViewer.txt

2007-10-13 13:12 125,472 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech CallCentral"="C:\Program Files\Logitech\CallCentral\CallCentral.exe" [2007-02-20 366616]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

backup=C:\WINDOWS\pss\Reboot.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anonymizer]

--a------ 2008-09-23 10:45 1557176 C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2008-07-19 09:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--ah----- 2008-04-13 19:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

--a------ 2008-04-24 13:25 202560 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

--a------ 2007-03-22 20:29 39264 C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-02-20 11:47 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]

--a------ 2007-09-26 13:14 1629184 C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

--a------ 2008-07-08 16:41 2828184 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-07 16:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

--a------ 2008-07-09 09:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

-ra------ 2007-02-28 00:33 53248 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WinDefend"=2 (0x2)

"Symantec Core LC"=2 (0x2)

"sprtsvc_ddoctorv2"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"ose"=3 (0x3)

"McAfee SiteAdvisor Service"=2 (0x2)

"LVSrvLauncher"=2 (0x2)

"LiveUpdate Notice Service"=2 (0x2)

"LiveUpdate Notice Ex"=2 (0x2)

"LiveUpdate"=3 (0x3)

"g7bs_device"=3 (0x3)

"comHost"=2 (0x2)

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"AnonMgmtSvc"=2 (0x2)

"AnonAswSvc"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\IEPro\\MiniDM.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 lvdevenb;Logitech Device Enabler Filter;C:\WINDOWS\system32\DRIVERS\lvdevenb.sys [2006-12-04 35104]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [ ]

S4 AnonAswSvc;Anonymizer Anti-Spyware Service;C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe [2007-10-22 37560]

S4 AnonMgmtSvc;Anonymizer Management Service;C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2007-10-22 37560]

S4 g7bs_device;g7bs_device;C:\WINDOWS\system32\g7bscoms.exe [2005-12-05 491520]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Basil\Application Data\Mozilla\Firefox\Profiles\527inxro.default\

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191179581135

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 7822 bytes

(3) Spyware Doctor detected 88 infections (nothing too serious) when I restarted it. I let it fix them.

Please post the log for Spyware Doctor here so I can see what it says.

Also run MB, update it and do a Quick Scan.

Then post back those 2 logs. If MB finds anything at all then run another HJT scan and post its log too.

We'll look at fixing the RUN later on. But you should be able to right click and view Properties over the START button and from there click on the Start Menu tab and then Customize and add the RUN command.

IE should actually have an embedded entry on the desktop and not a shortcut. You can delete the shortcut.

Spyware Dr. still comes out "disconnected" at startup. I have to manually shut it down and restart it to keep it on.

But I am not sure what you mean by the Spyware Dr. log or where to find it. So I tried posting the quarantined items, but I don't seem to be able to 'copy' the list after I highlight it. If you need something else let me know.

and here is the MB log also. It came out clean.

Malwarebytes' Anti-Malware 1.28

Database version: 1226

Windows 5.1.2600 Service Pack 3

10/2/2008 6:12:38 PM

mbam-log-2008-10-02 (18-12-38).txt

Scan type: Quick Scan

Objects scanned: 51303

Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*************************************

Thnx.

Okay that looks okay. Was just curious what the 88 items were. As long as MB and SD are not detecting anything now that's good.

Did you get your RUN entry back on your Start Menu?

Got 'Run' working OK now, thanks.

So are you declaring my system totally 'clean' now and good to go ?

BTW, just as a matter of your curiosity, I have a new file on my desktop in which I put all the security programs. However, I can't get the Combofix.exe icon to go in it. I drag and drop, but it just won't do it. It just sits there "proudly independent" :):) Any ideas why ??

Actually we recommend that you don't keep these tools as many of them are updated every day. They should be removed and if or when you need them in the future you can easily download the updated versions.

As for being 100% clean, well no one can guarantee that, but from the scans and the logs there is no indication that your system is still infected.

Please Download OTMoveIt2 by Old Timer and save it to your Desktop.

  • Double-click OTMoveIt2.exe to run it.
  • While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.
  • DO NOT allow it to reboot your system when asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

NOW please reboot your computer to finish the cleanup process and post back the log from OTMoveIt2

Here are the 'Results'.

When I tried running it the first time, it did not run and my computer froze. I had to cut off its power, restart it and do it all over.

File/Folder avenger.zip not found.

File/Folder avenger.exe not found.

File/Folder Avenger not found.

File/Folder avenger.txt not found.

File/Folder bfu.zip not found.

File/Folder BFU not found.

C:\WINDOWS\subs folder deleted successfully.

C:\QooBox\Quarantine\Registry_backups folder deleted successfully.

C:\QooBox\Quarantine\C\Documents and Settings\Basil\Cookies folder deleted successfully.

C:\QooBox\Quarantine\C\Documents and Settings\Basil folder deleted successfully.

C:\QooBox\Quarantine\C\Documents and Settings folder deleted successfully.

C:\QooBox\Quarantine\C folder deleted successfully.

C:\QooBox\Quarantine folder deleted successfully.

C:\QooBox\BackEnv folder deleted successfully.

C:\QooBox folder deleted successfully.

Service not present: catchme.

Service not present: gmer.

File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.

*********************************

When I restarted the computer, Spyware Dr. did the same ol' trick and came up "disconnected". I restarted it and it detected 33 new infections: Applications.TrackingCookies and Adware.Advertising items.

I hope this helps (?!)

Thnx.

Well for Spyware Dr I think you will need to maybe reinstall the application if you want to continue to use it, or seek further assistance from their support forum. Not sure why it's operating the way it is. As for cookies which it sounds like it's finding they are not harmful.

At this time I don't think there is anymore Malware related issue on your system from the logs. Is there anything else that would lead you to believe otherwise? Any popups or redirects going on?

What other issues are you currently having on the computer?

I ran ScanDisk and Defrag, and both Spyware Dr. and Anonymizer seem to be behaving so far.

However, two items I don't recognize requested to access the internet.

(1) alg.exe, and

(2) "SupportSoft Agent"

Is it something to worry about ?... I read that SupportSoft Agent is sometimes related to Dell computers. But I do not have a Dell computer.

Thanks.

Hi Boz,

They both seem fine from what I can find. So unless there is something else I will close this thread later today.

The Company competes with Motive, NGB, Fine Point Technologies, 2Wire, Alcatel, Motorola, Siemens, ATG, BMC, CA, eGain, Hewlett Packard, Talisma, Kana, Knova, RightNow and Citrix.

ALG.EXE should be "Application Layer Gateway Service (ALG)"

http://www.castlecops.com/o23list-75.html

Thank you for all your help ! :)

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • Check Turn off System Restore.

  • Click Apply, and then click OK.

  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.

  • Click the System Restore tab.

  • UN-Check *Turn off System Restore*.

  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.5.2

Download it from here. Just choose a mirror and off you go.

Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.1

Download it from here

Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol

Download it from here

Here you can find information about how WinPatrol works here

Install FireTrust SiteHound

You can find information and download it from here

Install MVPS Hosts File from here

The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

You can find a tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Visit Microsoft often to get the latest updates for your computer.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must. I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.

Since this issue is resolved I will soon close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
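
Added example, not part of the original post or of any tool named in the thread: a small Python audit of a HOSTS file that separates the blocking entries described above (names pointed at 127.0.0.1 or 0.0.0.0) from names mapped to some other address, which are worth reviewing on a machine that has shown browser redirects. The sample file contents, host names and the function names `parse_hosts` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread).
# 203.0.113.0/24 is reserved for documentation (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.com      # blocked ad server
0.0.0.0         tracker.example.net
203.0.113.45    www.example-bank.com # constructed redirect
203.0.113.45    update.example.org
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only or incomplete
            continue
        for name in fields[1:]:               # one address may carry several names
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Classify entries as blocked (sinkholed), redirected, or invalid."""
    result = {"blocked": [], "redirected": [], "invalid": []}
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result["invalid"].append((line_no, addr, name))
            continue
        if ip.is_loopback or ip.is_unspecified:
            if name != "localhost":           # the stock localhost line is not a block
                result["blocked"].append(name)
        else:
            # Not necessarily malicious (intranet names are common),
            # but every such line should be one the owner recognises.
            result["redirected"].append((line_no, name, addr))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "blocked names")
    for line_no, name, addr in report["redirected"]:
        print(f"review line {line_no}: {name} -> {addr}")
    for line_no, addr, name in report["invalid"]:
        print(f"malformed line {line_no}: {addr} {name}")
```

On Windows XP the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; pass its text to `audit_hosts` in place of the sample.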
