Author Topic: Pop ups from http://ads1.revenue.net/ & yyy11  (Read 2441 times)
dillony
« on: October 26, 2004, 07:45:15 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Win2k
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:

Pop ups from http://ads1.revenue.net/ and yyy11.html. Looks like those selling spyware have gotten a hold of my computer. Please help...

Logfile of HijackThis v1.98.2
Scan saved at 1:43:36 PM, on 10/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\HourTrack 2000\PCClock.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\dyasso\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ; know malicious sites for known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: ; end of known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: vrp1.dfw-xpc-mii.net localhost
O1 - Hosts: 206.112.99.110 localhost
O1 - Hosts: 206.112.99.111 localhost
O1 - Hosts: 206.65.183.40 localhost
O1 - Hosts: 63.87.252.160 localhost
O1 - Hosts: 68.72.74.141 localhost
O1 - Hosts: 206.65.183.25 localhost
O1 - Hosts: 216.73.87.172 localhost
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCClock] "C:\Program Files\HourTrack 2000\PCClock"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
« Last Edit: November 01, 2004, 06:54:34 PM by dillony »

dillony
« Reply #1 on: October 27, 2004, 04:16:48 PM »

Anybody?

jvic
« Reply #2 on: October 27, 2004, 04:27:07 PM »

I have to leave for work shortly but if no one has gotten to you I will check your log this evening when I return. Also please do not double post.

John Vickers

dillony
« Reply #3 on: October 28, 2004, 06:46:13 PM »

quote:
Originally posted by jvic

I have to leave for work shortly but if no one has gotten to you I will check your log this evening when I return. Also please do not double post.

The second post I made wasn't a duplicate; it was my updated HijackThis log file. It had changed since the first one I posted and I didn't think I should edit the original post to show the changes. I've edited the original so it is current now.

Thank you for any help.

benditup
« Reply #4 on: October 28, 2004, 07:44:57 PM »

Hi dillony, can you please post an updated log, it's been a couple days
Let's see if there's anything new before we try a fix

Could you also for now---Download and save to a folder, LSP fix
http://www.cexx.org/lspfix.htm

Also---Download and install
the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
If you don't have this version, uninstall yours and install this one

Could you also--Visit Subratam's site
Download and Save to desktop
VX2.BetterInternet Finder XP/2k - but please download the version below labelled this (ii) Version Msg126

Don't run these tools yet, I just need you to have them handy

As you can see by your O10 entries your Winsock Layered Service Provider has been hijacked...Don't attempt to fix them with Hijackthis
Since Windows 2000 doesn't utilize the System Restore feature added to Windows XP and Windows ME, this would be a good time to backup your registry
Simply go to
Start, Programs, Accessories, and click backup.
Within backup click the backup tab.
Within the backup tab check "System State"

Save it---FYI if you need to restore you will
use the same utility
After you're clean and everything is running good, it probably wouldn't hurt to remove that backup and create another, just something to fall back on
« Last Edit: October 28, 2004, 07:46:12 PM by benditup »

dillony
« Reply #5 on: October 28, 2004, 08:26:39 PM »

Logfile of HijackThis v1.98.2
Scan saved at 3:26:40 PM, on 10/28/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\HourTrack 2000\PCClock.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Documents and Settings\dyasso\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ; know malicious sites for known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: ; end of known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: vrp1.dfw-xpc-mii.net localhost
O1 - Hosts: 206.112.99.110 localhost
O1 - Hosts: 206.112.99.111 localhost
O1 - Hosts: 206.65.183.40 localhost
O1 - Hosts: 63.87.252.160 localhost
O1 - Hosts: 68.72.74.141 localhost
O1 - Hosts: 206.65.183.25 localhost
O1 - Hosts: 216.73.87.172 localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCClock] "C:\Program Files\HourTrack 2000\PCClock"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

« Last Edit: November 01, 2004, 06:54:06 PM by dillony »

benditup
« Reply #6 on: October 28, 2004, 09:11:40 PM »

A couple of your Hosts entries I don't recognize, we'll remove them for now, don't delete the backups made by hijackthis until everything is running ok...
I'll assume that you also backed up your registry

You may want to print this or save to a notepad file, I'll need you to start in safe mode and stay offline for part of this

Disconnect from the Internet, close out all windows, including this one--Double click to run Lsp fix
Check "I know what I'm doing".
Then select all occurrences of lspak.dll and calsp.dll (and nothing else) in the left pane,
click the arrow button to have them moved into the right hand panel.(The Removal Pane)
Click Finish

RESTART your computer into SAFE MODE

Find and delete these files, if they exist--send them to the recycle bin for now
c:\winnt\system32\lspak.dll <--file
c:\winnt\system32\calsp.dll <--file

You may have to Set Windows to Show Hidden Files and Folders

Stay in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ; know malicious sites for known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: ; end of known sites for http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.q.html
O1 - Hosts: vrp1.dfw-xpc-mii.net localhost
O1 - Hosts: 206.112.99.110 localhost
O1 - Hosts: 206.112.99.111 localhost
O1 - Hosts: 206.65.183.40 localhost
O1 - Hosts: 63.87.252.160 localhost
O1 - Hosts: 68.72.74.141 localhost
O1 - Hosts: 206.65.183.25 localhost
O1 - Hosts: 216.73.87.172 localhost


The next 2 may have been set by administrator to restrict IE options,
if you didn't set them, please fix them
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


RESTART into Normal Mode
Open Ad-Aware
CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back a fresh hijackthis log

Could you also open VX2 finder
"Click to Find VX2.BetterInternet"
Press "Make a log"
Post that log here too

If you run into troubles
Restore the 2 files in recycle bin---Use hijackthis backup feature to restore those entries and use the backup utility to Restore your Registry--There shouldn't be problems, this is just FYI
RESTART your computer---We'll try other methods for removal


dillony
« Reply #7 on: October 28, 2004, 10:04:31 PM »

Logfile of HijackThis v1.98.2
Scan saved at 5:03:22 PM, on 10/28/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cmd.exe
C:\Program Files\HourTrack 2000\PCClock.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\dyasso\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCClock] "C:\Program Files\HourTrack 2000\PCClock"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe



Log for VX2.BetterInternet File Finder (msg126)

Files Found---
C:\WINNT\System32\2hdsrch.dll
C:\WINNT\System32\aqaamon.dll
 
Additional Files---
 
Keys Under Notify---
crypt32chain
cryptnet
cscdll
NavLogon
sclgntfy
SensLogn
Time Zones


Guardian Key--- is called: Time Zones
Asynchronous 000
DllName C:\WINNT\system32\2hdsrch.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 126
ID {3CD45AF4-C396-4EE8-A454-A658CD2408E7}
IDex DS4

User Agent String---
{3CD45AF4-C396-4EE8-A454-A658CD2408E7}
« Last Edit: November 01, 2004, 06:55:16 PM by dillony »

benditup
« Reply #8 on: October 28, 2004, 10:42:22 PM »

Let's try this dillon
Again, you may want to print this out
I need you to follow all steps

Sign off and stay off the internet until the entire procedure is complete. Shut down all windows, including this one

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.
You will be left with a notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file
Reboot your computer

-----------------
Once back in Windows


Open VX2Finder again and click on these buttons in the right pane:

user agent$, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.
Post it here with a fresh HijackThis log please.
Let me know how things are running

Could you also let me know if you recognize this domain
It looks like something you may use at work
********* ********.com
« Last Edit: November 01, 2004, 10:38:00 PM by benditup »

dillony
« Reply #9 on: October 29, 2004, 01:22:54 PM »

Log for VX2.BetterInternet File Finder (msg126)

Files Found---
 
Additional Files---
 
Keys Under Notify---
crypt32chain
cryptnet
cscdll
NavLogon
sclgntfy
SensLogn


Guardian Key--- is called:

User Agent String---



Logfile of HijackThis v1.98.2
Scan saved at 8:55:34 AM, on 10/29/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\dyasso\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCClock] "C:\Program Files\HourTrack 2000\PCClock"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
« Last Edit: November 01, 2004, 06:56:18 PM by dillony »

benditup
« Reply #10 on: October 30, 2004, 12:16:39 AM »

Nothing malicious left in your log,

You can have hijackthis fix this entry,

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

And hold onto Ad-Aware, do a Smart System scan once a week if there's an update
You may also like this program, highly recommended by a lot of helpers of hijackthis logs
Spybot S&D 1.3
After installation--SEARCH FOR UPDATES
Download All updates
Check for Problems---FIX everything in RED
Restart your computer afterwards to finish cleaning

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link==Download link
Scroll down and click on IE-SPYAD.EXE Free!

With both, Check for updates every couple of weeks

And you may be interested in reading this
How did I get Infected?

Let me know how everything's running.....

I know it's the weekend, If I don't hear back from you by Monday I'll lock this thread as it appears your problems are resolved,
if you need it reopened, please PM a Mod and supply a link to this thread

If you do get back to me, I would also like to see what your hosts file looks like,
Open Hijackthis>>Config>>Misc Tools>>Open Hosts file manager>>>click
"Open In Notepad"
Copy and paste the Whole contents back here
« Last Edit: October 30, 2004, 12:17:24 AM by benditup » Logged
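
Added example, not part of any post above and not code from HijackThis or LSP-Fix: Python that parses HijackThis entry lines like those posted in this thread, counts the O10 "Unknown file in Winsock LSP" DLLs, flags O1 Hosts lines whose address field is not a loopback IP (a triage rule assumed for this example), and lists the entries that disappeared between the Reply #5 and Reply #9 logs. The function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the HijackThis logs posted in this thread (a subset only):
# BEFORE is from Reply #5, AFTER is from Reply #9.
BEFORE = r"""
O1 - Hosts: vrp1.dfw-xpc-mii.net localhost
O1 - Hosts: 206.112.99.110 localhost
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
LSP_PREFIX = "Unknown file in Winsock LSP: "
HOSTS_PREFIX = "Hosts: "

def parse_entries(log_text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def unknown_lsp_files(entries):
    """Count O10 'Unknown file in Winsock LSP' entries per DLL path."""
    return Counter(detail[len(LSP_PREFIX):].lower()
                   for section, detail in entries
                   if section == "O10" and detail.startswith(LSP_PREFIX))

def odd_hosts_lines(entries):
    """Flag O1 lines whose address field is not a loopback IP (example's rule)."""
    flagged = []
    for section, detail in entries:
        if section != "O1" or not detail.startswith(HOSTS_PREFIX):
            continue
        fields = detail[len(HOSTS_PREFIX):].split()
        if not fields or fields[0].startswith(";"):
            continue  # comment line inside the hosts file
        try:
            if ipaddress.ip_address(fields[0]).is_loopback:
                continue
            reason = "non-loopback address"
        except ValueError:
            reason = "address field is not an IP"
        flagged.append((fields[0], reason))
    return flagged

def removed_entries(before, after):
    """Entries present in the first log and absent from the second, in order."""
    remaining = set(after)
    return [e for e in dict.fromkeys(before) if e not in remaining]

if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("Unknown LSP DLLs:", dict(unknown_lsp_files(before)))
    print("Hosts lines to review:", odd_hosts_lines(before))
    for section, detail in removed_entries(before, after):
        print("gone after cleanup:", section, "-", detail)
```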

 
dillony
« Reply #11 on: November 01, 2004, 06:57:18 PM »

Thank you for all of your help. You have solved everything for me. Everything appears to be running smoothly now.

Thanks once again.