Solve : MSN Virus [RESOLVED]?
Sorry for the delay in an update, I'm afraid that the PC is running so *censored* comparatively well that I keep forgetting that I even had a problem! All of the lewd pop-ups are gone, speed is good and it doesn't keep asking me to download questionable virus protectors. Here's the latest Hijack This file.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:57:55, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\alpsfsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\My Documents\Dan's Music\Wavetune Themes\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided By Wanadoo
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AOL_Demo] "C:\Applications\Tool\AOL Demo\DSGDemo.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSRaid] "C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42674042-8611-4CE1-B2CB-6CA1A71C299A}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{42674042-8611-4CE1-B2CB-6CA1A71C299A}: NameServer = 195.92.195.95 195.92.195.94
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: COMPONENT Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AlProSoft Support Service (AlProSoftSupSvc) - TODO: - C:\WINDOWS\system32\alpsfsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- End of file - 8644 bytes

You're right Matt, about the AllPro Soft thing, never heard of it and never intended to download it. With regards to the king.com files, I presume they'll forever be there because other people who use this computer play games on king.com.

Well, your log looks a lot better. Our efforts appear to have been successful. I wouldn't worry too much about the King.com entry. Some people say to remove it, but it shouldn't be harmful. If you don't recognize AlProSoft, then go ahead and fix this entry...

O23 - Service: AlProSoft Support Service (AlProSoftSupSvc) - TODO: <Company name> - C:\WINDOWS\system32\alpsfsvc.exe

Then reboot in Safe Mode and use Add/Remove Programs to uninstall any mention of AlProSoft Support Service. Then (with hidden files and folders revealed) delete:

C:\WINDOWS\system32\alpsfsvc.exe

Let me know if you have any trouble. Other than that, your log looks clean to me. And I'm glad to hear that things are running better.

You have some good anti-malware programs, so I don't think I need to give you a lecture on that. I would suggest getting AdAware, though. It would also be a good idea to have SpywareBlaster, which will help make your internet browsing a bit safer. I don't spot a firewall on your computer, so you should look into getting one. There are plenty of good free options, such as Kerio Personal Firewall and ZoneAlarm.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Awesome, thank you V E R Y much for helping me through that stuff, same thanks go to oddjob. I REALLY appreciate the help. What I would ask quickly though, with regards to firewalls - I've been using Avast's firewall for some time, is that adequate protection - because I've tried Zone Alarm and it's completely annoying.

As far as I know, Avast! doesn't have a firewall... It comes with Network Shield, which has some features of a firewall, but it's not a full-fledged firewall. If ZoneAlarm doesn't suit you, there are others such as Kerio (mentioned above), Comodo, Jetico, or Ashampoo (avoid giving them your e-mail). And although I'm not fond of Symantec, there's also Sygate.

Right, I'm on Comodo. I was going to ask, are Windows Firewalls not adequate then? It's just, having security programs gets me concerned about everything. I end up monitoring them for ages just to see what actually happens, and then these particular firewalls need you to allow all sorts of programs to connect, which is just a lot of hassle for the less computer literates in my household. I always thought a firewall was just that ... a device that prevented hackers and bad things from getting onto your PC, never knew they were this sophisticated.

The reason is so that if you do get infected the bad program can't send info back to the creator.

Quote from: Gliff on May 29, 2007, 03:52:40 PM
Right, I'm on Comodo. I was going to ask, are Windows Firewalls not adequate then? It's just, having security programs gets me concerned about everything. I end up monitoring them for ages just to see what actually happens, and then these particular firewalls need you to allow all sorts of programs to connect, which is just a lot of hassle for the less computer literates in my household. I always thought a firewall was just that ... a device that prevented hackers and bad things from getting onto your PC, never knew they were this sophisticated.

Windows Firewall is better than nothing, but it's always a good idea to have something with better protection and more features. I know it seems like a bit of a hassle at first, but once you get used to it, it won't feel so bothersome. And besides, if you ask me, it's worth the protection.

Actually, since installing yesterday and a bit of accepting needed to allow certain programs to connect to the internet, Comodo is a nice program. Quiet, but it does the job. Thanks for all of your advice, if anyone I know gets computer problems, I will no doubt direct them here! The help has been fantastic, and I appreciate it to no extent. Thanks!

You're very welcome, Gliff. I'm just glad I was able to help you out.

As this issue appears to be resolved, I am closing this topic. If you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
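As an added example (not part of the thread, and not code from HijackThis or the forum): a small Python triage pass over HijackThis log lines that surfaces the kind of entry singled out above, an O23 service whose company field is a placeholder, along with entries marked `(no file)`. The sample lines are copied from the log in this thread; the function name `triage` and the two heuristics are assumptions chosen for illustration, and a hit means "review this", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: AlProSoft Support Service (AlProSoftSupSvc) - TODO: <Company name> - C:\WINDOWS\system32\alpsfsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

# "R3 - ..." / "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: display name, company string, then a drive-letter path.
# Anchoring the path on "X:\" keeps " - " inside a path from splitting fields.
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# Assumed review heuristics for this example, not verdicts from HijackThis.
PLACEHOLDER_VENDORS = ("todo:", "unknown owner")


def triage(log_text):
    """Return (code, subject, reason) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no code
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            subject = body.split(" - ")[0]
            findings.append((code, subject, "registry entry points at a missing file"))
        if code == "O23":
            svc = SERVICE.match(body)
            if svc and svc.group("vendor").lower().startswith(PLACEHOLDER_VENDORS):
                reason = "no real company string on service binary " + svc.group("path")
                findings.append((code, svc.group("name"), reason))
    return findings


if __name__ == "__main__":
    for code, subject, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {subject}: {reason}")
```
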