TWSupport-Smooth,Clean Support


    My Hijackthis file

    Srbija101
    New User

    Age : 23
    Number of posts : 11
    Registration date : 2009-02-19

    MSN Trojan (Need Help Bad)

    Post by Srbija101 on Thu Feb 19, 2009 8:01 am

    Well I was on my computer when one of my friend's friends sent me a link over msn....

    It said

    "foto?" with a link including my MSN address....

    As we played a game together I thought she took a screenshot so I accepted...

    A white screen kept flashing (it was opening MSN windows to all my friends sending the virus then closing)

    I used AVG so I scanned it 3 times with my internet off and 2 times with the internet on.... all 5 times it showed that Windows was running from an improper path. I removed it but it came back again and again and again.... It also changed my homepage to "postarticles.net"

    Yesterday AVG said that if I used "Forced Removal" it could cause "Computer Instability or Crash"

    Can anyone HELP?!

    Re: My Hijackthis file

    Post by Srbija101 on Thu Feb 19, 2009 4:01 pm

    the trojan's not showing up on the scan anymore but the tracking cookies keep coming back...
    Placehold
    TWS Manager

    Age : 33
    Number of posts : 730
    Registration date : 2008-04-15
    Computer Specs : Windows Vista home premium :: Intel(R) Core(TM) Duo CPU
    Additional Specs : T7250 @ 2.00GHz :: 4.00 GD RAM :: NVIDIA GeForce 8400M GT

    Re: My Hijackthis file

    Post by Placehold on Thu Feb 19, 2009 5:14 pm

    Ok at the moment I am not in the office however when I do get back I will post a guide for you to follow in order to determine if the virus is still there and a way to clear the tracking cookies

    Regards

    Craig

    Re: My Hijackthis file

    Post by Placehold on Thu Feb 19, 2009 10:38 pm

    Ok so first we are going to complete a scan of the PC then see what needs removed.

    1. Download HiJackThis to your desktop

    2. Once the download is complete, Double click the "HiJackThis.exe" file that is now saved on your desktop

    3. Select the "Install" option and follow the instructions, Once the installation has completed a new icon should appear on your desktop.

    4. HiJackThis should also launch after installation, Select the "Do a system scan and save a log file" button.

    5. Once the scan has finished a new text file should open, Either copy & paste its contents into a post in the following section or upload the whole file using MediaFire

    >>>>>>>>>>HiJackThis Forum

    6. Once you have posted in the HiJackThis Forum please post the following reply here.

    Guest wrote:I have successfully posted in the HiJackThis Forum

    7. At this stage I would urge you to NOT have HiJackThis fix anything just yet until we have a look at the log and advise you further.


    Regards

    Craig

    My Hijackthis file

    Post by Srbija101 on Fri Feb 20, 2009 12:00 am

    My Hijackthis file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:58:39 AM, on 20/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\ico.exe
    C:\Windows\System32\Pmxmiced.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Windows\vVX1000.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Mail\WindowsMailGadget.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9897d4433340) (gupdate1c9897d4433340) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 14678 bytes
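
As an added example (not part of the thread and not a tool any poster used), here is a small Python triage pass over a HijackThis log like the one above. It collapses repeated lines and surfaces the entries HijackThis itself annotates as missing, unowned or unknown, plus anything launched from a Temp folder. The rule names and the `triage` function are hypothetical, and a flag marks an entry for manual review, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the log posted above, trimmed to a few lines.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# A log entry is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# (rule name, section codes it applies to or None for all, pattern).
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("missing-file", None, re.compile(r"\((?:no file|file missing)\)", re.I)),
    ("unknown-owner", {"O23"}, re.compile(r" - Unknown owner - ", re.I)),
    ("unknown-lsp", {"O10"}, re.compile(r"^Unknown file in Winsock LSP", re.I)),
    ("temp-path", None, re.compile(r"\\(?:Temp|Tmp)\\", re.I)),
]


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O23"
    detail: str    # text after the code
    flags: list    # names of the rules that matched
    count: int     # how many times the identical line appeared


def parse_entries(text):
    """Yield (code, detail) for each entry line; header and process lines are skipped."""
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2).strip()


def triage(text):
    """Return flagged entries in first-seen order, with duplicate lines collapsed."""
    counts = Counter(parse_entries(text))  # Counter keeps insertion order
    findings = []
    for (code, detail), seen in counts.items():
        flags = [
            name
            for name, codes, pattern in RULES
            if (codes is None or code in codes) and pattern.search(detail)
        ]
        if flags:
            findings.append(Finding(code, detail, flags, seen))
    return findings


def report(findings):
    """Format findings as one line each for pasting into a reply."""
    return [
        f"{f.code} x{f.count} [{', '.join(f.flags)}] {f.detail}" for f in findings
    ]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```
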


    Merged With HiJackThis Thread

    Post by Srbija101 on Fri Feb 20, 2009 12:02 am

    I have successfully posted in the HiJackThis Forum.

    Re: My Hijackthis file

    Post by Placehold on Fri Feb 20, 2009 12:55 am

    Thank you :)

    I have now merged your two posts :D

    Ok so

    1. Download MSNCleaner to your desktop

    2. Unzip the "MSNCleaner.Zip" contents onto your desktop

    3. Reboot your PC now

    4. Upon reboot tap F8 until you enter the "Boot Options"

    5. Using the arrow keys select "Safe Mode" and press enter

    6. Once you have loaded into "Safe Mode" Double click the "MSNCleaner.exe" icon on your desktop

    7. Once the cleaner is running select the "Analyse" button and a scan will commence, A report should also be created once a scan has been performed

    8. If the cleaner alerts you that it has found a virus please select the "Delete" button to remove them

    9. Reboot once you have done this and let the PC restart as normal

    10. Now the report that was created will be stored in C:\MsnCleaner.txt, Please include a copy of this text file and a new HiJackThis log in a new post to this thread

    :D

    Regards

    Craig


    Last edited by Placehold on Fri Feb 20, 2009 9:27 pm; edited 2 times in total


    Re: My Hijackthis file

    Post by Srbija101 on Fri Feb 20, 2009 7:31 am

    It's all in Spanish lol....

    Can you help me find it?????????

    Re: My Hijackthis file

    Post by Placehold on Fri Feb 20, 2009 10:39 am

    Sorry, I keep forgetting

    Try the following link :D

    MSNCleaner

    Regards

    Craig


    Last edited by Placehold on Fri Feb 20, 2009 9:26 pm; edited 2 times in total


    Re: My Hijackthis file

    Post by Srbija101 on Fri Feb 20, 2009 1:19 pm

    Doesn't want to download, when I click on manual download it doesn't respond either :S

    Re: My Hijackthis file

    Post by Placehold on Fri Feb 20, 2009 1:22 pm

    I'll upload it directly from the TWS server, I will have to do that later as I'm out at the moment.

    Will post the link shortly :D

    EDIT: Previous links have been updated for future guests and members however here is the direct link you need

    MSNCleaner

    Regards

    Craig

    lol

    Post by Srbija101 on Sat Feb 21, 2009 1:18 pm

    Thanks Craig....

    No stuff is appearing but the tracking cookies are now popping up....

    I'll edit this post when the notice appears... I'll include the tracking cookies names.....


    EDIT: Here it is (For a closer look https://2img.net/h/i647.photobucket.com/albums/uu200/SrbijaDoTokija101/COOKIES.jpg)


    Re: My Hijackthis file

    Post by Placehold on Mon Feb 23, 2009 1:10 pm

    Yeah your PC looks fine for viruses however as you said the tracking cookies need erased.

    1. Download Lavasoft, Ad-Aware absolutely free, to your desktop.

    2. Double click the "Ad-aware.exe" and follow the on-screen instructions to install

    3. Once the installation is done you will be asked for a registration key, Select the "Use Free" button

    3. Ad-Aware should now start by itself

    4. On the main Ad-Aware window you will have 3 main icons to select from, Firstly select "Web Update"

    This will now update Ad-Aware

    5. Once the update manager closes select "Scan System" and then select "Scan Now" at the bottom of the window

    6. Once the scan has finished you will see the results of the scan, Under the actions list select the drop down and then "Remove All"

    7. Then select "Perform Action"

    8. Download Glary Utility Tools

    9. Double click the "gsetupnew.exe" on the desktop to start installation

    10. Follow the on-screen instructions.

    11. Once it has installed please double click the new Glary Utilities icon on your desktop to start.

    12. On the GUT window select "Modules" and then "Privacy & Security"

    13. Select "Track Eraser"

    14. A new larger window will open containing a list of your browsers, Select on each browser you use what exactly you're looking to erase,

    You might want to select ALL options for IE and all but the "Saved Password" option for Firefox

    15. Select "Erased Checked Tracks" from the top button

    16. When the pop up message appears select "Yes"

    17. It will start erasing that information and then come up saying it's been done.

    You should now be able to start your browsers and all the tracking cookies should now have been removed,

    You also might want to keep both tools to perform the above with every other week to prevent a repeat.

    Regards

    Craig

    Still pops up lol... Is there a way of not letting tracking cookies into your CP

    Post by Srbija101 on Mon Feb 23, 2009 3:51 pm

    "Found Tracking cookie.2o7";"C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Cookies\marko@msnportal.112.2o7[1].txt";"Potentially dangerous object";"23/02/2009, 11:48:44 PM";"File";"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"

    Re: My Hijackthis file

    Post by Placehold on Mon Feb 23, 2009 4:25 pm

    About time it revealed itself, I was wondering when it was going to happen

    Ok now as it's a tracking cookie then after cleaning and removing them all it should remove the threat

    You'll see more people with this in the next few weeks, It actually comes in via a Hijacked message on MSN or an email about updates on Microsoft.

    You can if you want remove previous software we have downloaded.

    Alternatively delete the whole cookies file located at:
    C:\Users\Marko\AppData\Roaming\Microsoft\Windows\Cookies


    1. Download the Avast Virus/Worm Remover to your desktop

    2. Once downloaded double click the "aswclnr.exe" icon and select "Run"

    3. Select "Start Scan"

    This will now scan for any additional worms that may be hidden.

    4. If it finds any virus/Malware worms select to "Remove" and upload the "aswclnr.txt" attached to the post

    You may also want to upgrade to Avast Home Edition which is free but also contains the relevant database to deal with such virus/worms and attacks

    Regards

    Craig

    Re: My Hijackthis file

    Post by Srbija101 on Sat Feb 28, 2009 3:14 am

    Still keeps popping up :S

    Re: My Hijackthis file

    Post by Placehold on Sun Mar 01, 2009 3:52 pm

    Hmmmmmm

    If IE User:
    1. Open Internet Explorer

    2. Select "Tools" and select "Delete Browser History" and click "Delete All" including all off line files

    3. Close Internet Explorer

    If FF User:
    4. Open up Firefox

    5. Select "Tools" and "Options"

    6. Select the "Privacy" tab and then select "Show Cookies"

    7. Click the "Remove All Cookies" button and then select "Close"

    8. Select "Exceptions" and make sure there are no websites there

    9. Close Firefox


    As a last resort

    1. Download SpyBot Search & Destroy

    2. Once downloaded double click the "spybotsd162.exe" file from the desktop

    3. Start to install "SpyBot" following the instructions, Now select the icon for "Spybot" once the installation is complete

    4. Upon start up spybot should search for updates, once done you should see the option to "Immunize This System", select this option

    5. Once the "Immunization" has finished you will then have other options, Select Next, this should get rid of anything harmful to the PC/Laptop

    6. Select "Search & Destroy" and then "Check For Problems"

    7. Once the search has completed it will show a list of issues like viruses, tracking cookies and malware on the bottom of the page, Check the ones you want to fix/delete and press "Fix Selected Problems"

    8. Sometimes you will receive a message that it could not complete that operation as the file is still in use, At this point simply select "Yes" and the system will fix it on next start up.

    This should be the final step to your issues, You can run over the steps we have mentioned in this post at any time


    Regards

    Craig