PDA

View Full Version : E2G PROBLEM!! plss help me


levskarcheto
2006-05-03, 05:57
ok........i have a E2G spyware.....i have tried EVERYTHING.....and none of it works...i saw the post where it said to use HJT but it didn't work......when i tried to delete the files that were mentioned it showed an error saying "An unexpected error has occured at procedure :modbackup_Makebackup(the file name) Error #5, invalid procedure call or argument.
here is a copy of HiJackThis log



Logfile of HijackThis v1.99.1
Scan saved at 10:55:10 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\RP65\Wireless LAN Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\1142900808\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Galin Dragiev\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - <default> - (no file)
O1 - Hosts: <html><head>
O1 - Hosts: <title>TbG :: Anal.School.3-BLUEBALLS</title>
O1 - Hosts: <link rel="stylesheet" href="/darkbluegrey.css" type="text/css">
O1 - Hosts: <LINK REL="alternate" TITLE="TBG RSS" HREF="http://torrents-bg.com/rss.xml" TYPE="application/rss+xml">
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <table width=100% cellspacing=0 cellpadding=0 style='background: transparent'>
O1 - Hosts: <tr>
O1 - Hosts: <td class=clear width=49%>
O1 - Hosts: </td>
O1 - Hosts: <td class=clear>
O1 - Hosts: <div align=center>
O1 - Hosts: <img src=/pic/logo.gif align=center>
O1 - Hosts: </div>
O1 - Hosts: </td>
O1 - Hosts: <td class=clear width=49% align=right>&nbsp;
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <table class=mainouter width=100% border="1" cellspacing="0" cellpadding="10">
O1 - Hosts: <tr><td class=outer align=center>
O1 - Hosts: <table class=main width=741 cellspacing="0" cellpadding="5" border="0">
O1 - Hosts: <tr>
O1 - Hosts: <td align="center" class="navigation"><a href=/>Начало</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/browse.php>Торенти</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/my.php>Профил</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/chat.php>Чат</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/forums.php>Форум</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/topten.php>Топ 10</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/log.php>Лог</a></td>
O1 - Hosts: <td align="center" class="navigation">Правила</td>
O1 - Hosts: <td align="center" class="navigation">FAQ</td>
O1 - Hosts: <td align="center" class="navigation"><a href=/links.php>Линкове</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/mail.php>Поща</a></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: <tr><td align=center class=outer style="padding-top: 20px; padding-bottom: 20px">
O1 - Hosts: <h1>Anal.School.3-BLUEBALLS </h1>
O1 - Hosts: <table width=750 border="1" cellspacing="0" cellpadding="5">
O1 - Hosts: <tr><td class=rowhead width=1%>Download</td><td width=99% align=left><a class="index" href="download.php/6727/Anal.School.3-BLUEBALLS.torrent">Anal.School.3-BLUEBALLS.torrent</a></td></tr>
O1 - Hosts: <tr><td class="heading" valign="top" align="right"></td><td valign="top" align=left style='padding: 0px'>
O1 - Hosts: <script type="text/javascript"><!--
O1 - Hosts: google_ad_client = "pub-3484090349569129";
O1 - Hosts: google_ad_width = 728;
O1 - Hosts: google_ad_height = 90;
O1 - Hosts: google_ad_format = "728x90_as";
O1 - Hosts: google_ad_type = "text";
O1 - Hosts: google_ad_channel ="";
O1 - Hosts: google_color_border = "BCCAD6";
O1 - Hosts: google_color_bg = "BCCAD6";
O1 - Hosts: google_color_link = "FFFFFF";
O1 - Hosts: google_color_url = "000000";
O1 - Hosts: google_color_text = "000000";
O1 - Hosts: /--></script>
O1 - Hosts: <div align="left">
O1 - Hosts: <script type="text/javascript"
O1 - Hosts: src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: <a href=http://torrents-bg.com/sendmessage.php?receiver=1>За реклама</a>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RP65 Wireless LAN Utility] C:\Program Files\RP65\Wireless LAN Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142900808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.mmohsix.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


thank you for your help! i appreciate it
shelf life
2006-05-05, 02:51
hi levskarcheto,

lets try this:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked. (all the 01 items)

R3 - URLSearchHook: (no name) - <default> - (no file)

O1 - Hosts: <html><head>
O1 - Hosts: <title>TbG :: Anal.School.3-BLUEBALLS</title>
O1 - Hosts: <link rel="stylesheet" href="/darkbluegrey.css" type="text/css">
O1 - Hosts: <LINK REL="alternate" TITLE="TBG RSS" HREF="http://torrents-bg.com/rss.xml" TYPE="application/rss+xml">
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <table width=100% cellspacing=0 cellpadding=0 style='background: transparent'>
O1 - Hosts: <tr>
O1 - Hosts: <td class=clear width=49%>
O1 - Hosts: </td>
O1 - Hosts: <td class=clear>
O1 - Hosts: <div align=center>
O1 - Hosts: <img src=/pic/logo.gif align=center>
O1 - Hosts: </div>
O1 - Hosts: </td>
O1 - Hosts: <td class=clear width=49% align=right>&nbsp;
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <table class=mainouter width=100% border="1" cellspacing="0" cellpadding="10">
O1 - Hosts: <tr><td class=outer align=center>
O1 - Hosts: <table class=main width=741 cellspacing="0" cellpadding="5" border="0">
O1 - Hosts: <tr>
O1 - Hosts: <td align="center" class="navigation"><a href=/>Начало</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/browse.php>Торенти</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/my.php>Профил</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/chat.php>Чат</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/forums.php>Форум</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/topten.php>Топ 10</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/log.php>Лог</a></td>
O1 - Hosts: <td align="center" class="navigation">Правила</td>
O1 - Hosts: <td align="center" class="navigation">FAQ</td>
O1 - Hosts: <td align="center" class="navigation"><a href=/links.php>Линкове</a></td>
O1 - Hosts: <td align="center" class="navigation"><a href=/mail.php>Поща</a></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: <tr><td align=center class=outer style="padding-top: 20px; padding-bottom: 20px">
O1 - Hosts: <h1>Anal.School.3-BLUEBALLS </h1>
O1 - Hosts: <table width=750 border="1" cellspacing="0" cellpadding="5">
O1 - Hosts: <tr><td class=rowhead width=1%>Download</td><td width=99% align=left><a class="index" href="download.php/6727/Anal.School.3-BLUEBALLS.torrent">Anal.School.3-BLUEBALLS.torrent</a></td></tr>
O1 - Hosts: <tr><td class="heading" valign="top" align="right"></td><td valign="top" align=left style='padding: 0px'>
O1 - Hosts: <script type="text/javascript"><!--
O1 - Hosts: google_ad_client = "pub-3484090349569129";
O1 - Hosts: google_ad_width = 728;
O1 - Hosts: google_ad_height = 90;
O1 - Hosts: google_ad_format = "728x90_as";
O1 - Hosts: google_ad_type = "text";
O1 - Hosts: google_ad_channel ="";
O1 - Hosts: google_color_border = "BCCAD6";
O1 - Hosts: google_color_bg = "BCCAD6";
O1 - Hosts: google_color_link = "FFFFFF";
O1 - Hosts: google_color_url = "000000";
O1 - Hosts: google_color_text = "000000";
O1 - Hosts: /--></script>
O1 - Hosts: <div align="left">
O1 - Hosts: <script type="text/javascript"
O1 - Hosts: src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: <a href=http://torrents-bg.com/sendmessage.php?receiver=1>За реклама</a>
O1 - Hosts: </td>
O1 - Hosts: </tr>

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
-------------------------------------------
now look in C:\Program Files and delete the entire E2G folder.

reboot computer once, rescan and post a new hjt log

shelf life
levskarcheto
2006-05-05, 04:23
ok i did what you told me to do, but i couldn't delete the E2G folder because it said it is in use, so i went to Safe Mode and deleted it from there, everything else i did as you told me to do. Here is my new HJT log


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RP65 Wireless LAN Utility] C:\Program Files\RP65\Wireless LAN Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142900808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
shelf life
2006-05-05, 04:38
hi levskarcheto,

ok good. shelf life missed something. this time we will get one more app to run, then use hjt, then boot into safe mode to run ewido. ok:
----------------------------------------
1. Download Ewido and install
Ewido anti malware. It is a free trial version of the program:

http://www.ewido.net/en/download/

2. Install ewido anti malware
3. Launch ewido, there should be an icon on your desktop double-click it.
4. The program will now go to the main screen

You will need to update ewido to the latest definition files.

1. On the left hand side of the main screen click update
2. Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

after you have ewido updated, scan with hjt and have it fix:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe

O15 - Trusted Zone: *.mmohsix.com

O20 - AppInit_DLLs: iniwin32.dll
----------------------------
ok now boot directly into SAFE MODE, i guess you already know how to do that.

once in safe mode scan with ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop

Close Ewido

look once more and delete e2g folder located here:C:\Program Files if present
--------------------------------
reboot normally, scan and post a new hjt log.......shelf life
levskarcheto
2006-05-05, 17:15
ok all did everything.......and right now when i rebooted checked if the E2G folder is there and it was there, here is my HJT log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RP65 Wireless LAN Utility] C:\Program Files\RP65\Wireless LAN Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142900808\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

levskarcheto
shelf life
2006-05-06, 00:36
hi levskarcheto,

ok we will try two things. might copy/paste this to notepad and save it somewhere so you can read it. we will be in SAFE MODE.
---------------
make sure files are set to show:
FOr XP: on the desktop double click my computer,go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
----------------
1) Boot computer into SAFE MODE use hjt and select this line to "fix"

O20 - AppInit_DLLs: iniwin32.dll
------------------
now manually try to find the iniwin32.dll located here:C:\WINDOWS\system32
if you find it attempt to delete it.
next see if you can delete the e2g folder in C:\Program Files

reboot normally rescan with hjt, see if the folder shows back up in the log or this line O20 - AppInit_DLLs: iniwin32.dll.

if so go to step 2:
--------------------
2)
go to start>run> type in cmd. a dos prompt should open in a new window. at the prompt type:regsvr32 /u iniwin32.dll (note space after 32 and /u) hit enter, then delete the e2g folder and the iniwin32.dll in system32 dir.

shelf life
shelf life
2006-05-06, 01:14
hi again.

in case the above fails.
when you try to delete the e2g folder in c program files. do you get a windows popup like: "Access is denied", or "cannot delete", "file in use" or any message? let me know. thanks....
levskarcheto
2006-05-06, 01:27
yeah it did fail :(
i went into safe mode, and ran HJT and tried to delete the file, it gave me an error that i can not delete it. After that I tried to delete that file manually, but it said that the file is in use and cannot delete it. I didn't get to the E2G folder, but i have tried to delete it hundreds of time before, and it does delete, but it come back in about 1 to 2 seconds.
let me know if you need some more information
10x for the help until now :)

levskarcheto
levskarcheto
2006-05-06, 01:38
oh and for the second step, i tried to do that, and the messege was "the file was found and loaded, but the DllUnregister Server entry point was not found; this file can not be registered" and then again i couldn't delete that file from C windows System32.........and the E2G folder was the same, pops back up in 2 seconds
shelf life
2006-05-06, 03:52
hi levskarcheto,

crap. ok do this.
go to start>run and type in regedit then click the + signs in left column for each of these:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

when done should see APPInit DLLS in right side column
go to--at top Registry>export registry file>call it reg.txt and save as type:all files, save it to your desktop. then copy/paste that txt file in next reply.
--------------------------
may as well try this: its freeware, called unlocker can get it here:
http://ccollomb.free.fr/unlocker/

download and install, find the offending .dll in the system32 dir. right click on it and you will see a selection for unlocker. click on unlocker and some options will come up, delete, rename. try delete first. also do same for the e2g folder in program files.
if it dosnt work, just uninstall it via add/remove programs panel if you want.

shelf life
levskarcheto
2006-05-06, 05:44
I'm not sure if this is what you wanted.......if its something different let me know..... For the Unlocker, i counldn't get the delete to work, i might be doing it wrong, but i don't know, i got the rename to work, but not the delete........


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="iniwin32.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710




let me know if you need something else
10x

levskarcheto
shelf life
2006-05-06, 22:58
hi levskarcheto,

thanks for all the info. you might be intrested in viewing this thread with the same problem:

http://forums.spybot.info/showthread.php?p=23855#post23855
----------------------------------------
in any case follow the instructions here; see if it helps any:

http://forums.majorgeeks.com/showthread.php?t=90586
levskarcheto
2006-05-07, 02:06
IT WORKED!!!! 10x for all the help! You guys are the best!
Can you just do me one favor?
Can you look at my HJT log and tell me if there is anything that I have to fix?I will now run Ad-Aware and Spybot and see if there is anything in there! thanks a lot, and here is my HJT log if you can pls look at it and tell me if there is something I can fix!
shelf life
2006-05-07, 16:06
hi levskarcheto,

good. glad it worked, that was much easier than what i was going to suggest trying.


Can you look at my HJT log and tell me if there is anything that I have to fix?

sure, do a hjt scan after you run ad aware and spybot search and destroy.
levskarcheto
2006-05-09, 01:08
I am so stupid, i had the log copied and everything and i forgot to paste it:( yeah i'm stupid......well 10x for everything, i ran spybot and ad-aware and everything was good, so i don't thing i'll need the HJT for now.
10x again and good luck
shelf life
2006-05-09, 01:29
hi levskarcheto,

ok. glad to help, happy safe surfing out there, for your reference:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software.You may be installing more than you think. Make sure you understand what it is you will be downloading and installing to your computer. Visit the makers website, learn more about the program, Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits?. Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Becarful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE? Check this database:Spyware Guide (http://www.spywareguide.com/)

Make sure you keep your Windows OS current by visiting Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp)
occasionaly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

Adjust your browser settings: Change your(active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Internet Explorer Privacy & Security Settings (https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm)
Working with Internet Explorer 6 Security (http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx)
Many exploits are directed at Internet Explorer, you dont have to use it. Try a different browser. You can have and use more than one browser on your computer.
Like Firefox (http://www.mozilla.org/products/firefox/),


Install a Firewall:A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when a application trys to connect to the internet from your computer, this is a good way to catch crapware or trojans, trying to connect out bound from your computer- whats that and why does it need a internet connection? You can deny it access it until more investigation is done. Zone Alarm is a free and easy to use firewall, that will provide in and outbound protection. Microsoft XP firewall only provides inbound protection. SP2 adds in and out bound protection which is better than nothing, but is not as robust as third party firewalls, Be sure to run only >one< firewall.If you use another, be sure to disable XP's built in firewall. If you use Zone Alarm learn what needs/uses your internet connection. If something unusal or out of the ordinary "asks" deny it access until more investigation is done.
Zone Alarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass)
OutPost Lite (http://www.agnitum.com/products/outpostfree/download.php)

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You dont have to use it. Windows SP1/SP2 updates have made some improvments to Outlook. Another reason to stay updated.
look here (http://www.codecutters.org/outlook/)
and here (http://www.tames.net/security/oesettings.htm)
Or try Pegasus Mail, safer by default,no tweaking needed. (http://www.pmail.com/)

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download (http://www.avast.com/eng/free_virus_protectio.html)
AVG free version 7.0 (http://free.grisoft.com/freeweb.php/doc/2/)
AntiVir Personal Edition (http://www.free-av.com/)
clam Win (http://www.Clamwin.com/component/option,com_frontpage/Itemid,1/)

Download one or two of these, install and update before using:(if these are constantly finding malware, then you need to make changes to your browser and or your habits)
CounterSpy (http://www.sunbelt-software.com/)Free trial version
Spybot Search and destroy (http://www.safer-networking.org/en/index.html)
Ad-Aware SE Personal edition (http://www.lavasoft.de/)
Microsoft Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
Becarful with spyware "removers and scanners"-- there are many "rogue/suspect" (http://www.spywarewarrior.com/rogue_anti-spyware.htm) programs that "claim to remove" spyware.Check here first.

Dont be tempted to click on popup ads offering free scans or free downloads for malware removers. Read the above line again.

AntiTrojan software to fill in the gap:
a2 free (http://www.emsisoft.com/en/software/free/)
Ewido Anti-Malware (http://www.ewido.net/en/)
Trojan Hunter (30 day trial version) (http://www.misec.net/)
Tauscan trial version (http://www.agnitum.com/products/tauscan/)

Other programs to consider:
Process Guard (http://www.diamondcs.com.au/processguard/) stop events/processes with user intervention
SpywareBlaster (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49) add security to IE
IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD) adds adware peddlers sites/domains to IE restricted zone
CleanUp (http://www.stevengould.org/software/CleanUp/index.html) cleans out temp files,history, autoforms etc
ATF cleaner (W2K,XP only) (http://www.atribune.org/content/view/25/2/) cleans out temp files, history etc

Learn More:
Browser Checkup (http://www.jasons-toolbox.com/BrowserSecurity/)
Parasite Free (http://www.doxdesk.com/parasite/prevention.html)
Safe Hex (http://www.claymania.com/safe-hex.html)
Shelf Lifes page (http://security-central.us/SafeHex/index.htm)
Home Computer Security (http://www.cert.org/homeusers/HomeComputerSecurity/)
tashi
2006-05-13, 16:30
As the problem appears to be resolved this topic will be archived. :)

If you need it re-opened please send me a pm and provide a link to the thread.