virus?

swatkat · Mar 2, 2005

do u have latest version of HijackThis, that is 1.99?
if u have this, then when u open HijackThis, it will give u an options screen, here there will be many buttons like "Scan computer and Save log file", "Scan computer only" etc..
Here u click, "Scan Computer and Save Log File", after this it scans ur comp and opens a Dialog box for saving te Log file, it automatically gives it a name as hijackthis.log, u click OK.

then open this "hijackthis.log" file in NotePAd and copy the entire content and post it here.....it will be approximately 1 page...
*www.spychecker.com/program/hijackthis.html

Charley · Mar 2, 2005

hijack log runs into lots of pages, swat, dude u've got 2 teach me to interpret it.....

i'll send u a surprise all d way from blore......

:wink:

bharathbala2003 · Mar 2, 2005

Logfile of HijackThis v1.99.1
Scan saved at 9:36:56 PM, on 3/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Shareaza\Shareaza.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bala\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.thinkdigit.com/forum
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.thinkdigit.com/forum
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - *go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109423309296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - *www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - *messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

swatkat · Mar 2, 2005

log is clean....
anyway scan ur system with AdAware.....
*www.lavasoftusa.com/software/adaware/

and Webroot Spysweeper....
*www.webroot.com/downloads/?WRSID=4ee5ab6ab4ed7f4b0130594328f83ed7
download demo of SpySweeper from the above link (this demo also removes Spywares...)

or else if u have already deleted files related to ShopAtHomeSelect, then u can check registry for these entries and delete them, if u find them...

HKEY_LOCAL_MACHINE\software\vgroup\sahagent\download
HKEY_LOCAL_MACHINE\software\vgroup\sahagent\readytoinstall
HKEY_LOCAL_MACHINE\software\vgroup\sahagent\valid

Go to Start> Run and type regedit and press Enter..
From here expand the branch HKEY_LOCAL_MACHINE and then expand the branch Software.
Here right click on the branch vgroup and delete it.

Charley · Mar 3, 2005

dude chck mine 2...

Logfile of HijackThis v1.99.1
Scan saved at 11:05:47 AM, on 3/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADKEEP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PKWARE\PKZIPW\pkzipw.exe
C:\WINDOWS\DESKTOP\PKTMP000.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *minisearch.startnow.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Preview AdService] C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = dataone
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71

:wink:

bharathbala2003 · Mar 3, 2005

swatkat said:
log is clean....

or else if u have already deleted files related to ShopAtHomeSelect, then u can check registry for these entries and delete them, if u find them...

HKEY_LOCAL_MACHINE\software\vgroup\sahagent\download
HKEY_LOCAL_MACHINE\software\vgroup\sahagent\readytoinstall
HKEY_LOCAL_MACHINE\software\vgroup\sahagent\valid

Go to Start> Run and type regedit and press Enter..
From here expand the branch HKEY_LOCAL_MACHINE and then expand the branch Software.
Here right click on the branch vgroup and delete it.

m8 it got del las nite b4 i posted the log.. anyways when i went to regedit there was nuthin called as vgroup..

n btw i dunno y but for las 2 days.. when ever i restart my system.. b4 the log on screen the system is checked for consistency

all drives except D: ( MY XP is installed in that ) y does this happen?anyways to sto that?

swatkat · Mar 3, 2005

achacko@dataone.in said:
dude chck mine 2...

Logfile of HijackThis v1.99.1
Scan saved at 11:05:47 AM, on 3/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADKEEP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PKWARE\PKZIPW\pkzipw.exe
C:\WINDOWS\DESKTOP\PKTMP000.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *minisearch.startnow.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Preview AdService] C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = dataone
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71

First go to Add/Remove Programs and uninstall the following program, if u find it:-
1]Preview AdService

Then close ALL applications and kill these processes by using the HijackTHis ProcessManager (which will be in Misc Tools section):-
1]PREVADSERV.EXE
2]PREVADKEEP.EXE
Then scan the system again in HijackThis and, Select the Red Entries and click Fix.

Then Restart in Safe Mode and delete the following files:-
1]PREVADSERV.EXE
2]PREVADKEEP.EXE
3]related.htm
and also delete the Folders containing them (do not delete the Windows Default Folders...!!)

After this reboot and run CCLeaner and CleanUp!.....
*cleanup.stevengould.org/
and post a fresh log....

bharathbala2003 · Mar 3, 2005

@swat.. answer to my post too

still gettin that cr@ppy consistency error n scans my disks

swatkat · Mar 3, 2005

bharathbala2003 said:
@swat.. answer to my post too still gettin that cr@ppy consistency error n scans my disks

chkdsk runs at every startup if there is an inconsistency in the File System..... This inconsistency is indicated by a Dirty Bit, if this Dirty Bit is SET, then it is assumed that File System in inconsisten and hence chkdsk runs at every startup....

so, u check whether Dirty Bit is SET or RESET, by doing this:-
Go to Start>Run and type cmd and press Enter.
Here, u type fsutil dirty query DriveLetter:
(u have to check the Drives which r scanned at every boot...)

There r two possible outputs:-
1]Volume DriveLetter: is dirty
2]Volume DriveLetter: is not dirty

if u get FIRST output, then at the same Command Prompt, type chkntfs /D and Reboot....(note that there is SPACE between chkntfs and /)
At the boot time, all drives r checked once (dont cancel it) and then in furthur boots, they r not checked.

bharathbala2003 · Mar 3, 2005

m8 mine is a FAT32 partition havin win 98 in C.. i tried ntfs its not workin says must specify atleast one drive name

swatkat · Mar 3, 2005

bharathbala2003 said:
m8 mine is a FAT32 partition havin win 98 in C.. i tried ntfs its not workin says must specify atleast one drive name

u should type chkntfs /D only,here D means Default, no matter what drives r checked at boot time....did u typed chkntfs /C ?

bharathbala2003 · Mar 3, 2005

nope sorry i did C.. sorry ill do it n post the result..

Edited.. its done m8.. now all's fine..

thnx for the help..

Charley · Mar 4, 2005

Before I attach the log file, i would like to ask you that I have spybot installed with the resident in the taskbar as enoonmai had told me.... The resident asks me for change when I install any software, how do i know what shud be changed ( Allow/Deny change ). Also how do i stop the spyware from entering again .....

Please let me know..... Heres the log below

Logfile of HijackThis v1.99.1
Scan saved at 2:40:08 PM, on 3/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PKWARE\PKZIPW\pkzipw.exe
C:\WINDOWS\DESKTOP\PKTMP000.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *minisearch.startnow.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = dataone
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71

:wink:

swatkat · Mar 4, 2005

achacko@dataone.in said:
Before I attach the log file, i would like to ask you that I have spybot installed with the resident in the taskbar as enoonmai had told me.... The resident asks me for change when I install any software, how do i know what shud be changed ( Allow/Deny change ). Also how do i stop the spyware from entering again .....

Please let me know..... Heres the log below

Logfile of HijackThis v1.99.1
Scan saved at 2:40:08 PM, on 3/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PKWARE\PKZIPW\pkzipw.exe
C:\WINDOWS\DESKTOP\PKTMP000.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *minisearch.startnow.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = dataone
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 61.1.96.69,61.1.96.71

those entries still remain.....
do one thing.....Get About:Buster and run it and after this run a scan using SpyBot SnD.
Downlaod AboutBuster from here, and also dont forget to read the instructions there!!!!
*www.besttechie.net/forums/index.php?showtopic=1488

Blue entrt above is the Alexa's "Related" Service, it's used by MSN, it is used to show the pages related to the ones u r currently visitng, this doesnt collect info abt ur page until unless u click "Show Related" in IE. Also, there is a possibility that, when IE is upgraded, this "Show Related" of Alexa get's vanished and only file remain, so in this case SpyBot doesnt show Alexa in it's scan report.

After running SpyBot and AboutBuster, run CleanUp! and then scan with HijackThis, and see that red entries still remain, if yes, post it here.....

vinaypatel · Mar 4, 2005

nortan is best solution my friend

Charley · Mar 4, 2005

swatkat said:
those entries still remain.....
do one thing.....Get About:Buster and run it and after this run a scan using SpyBot SnD.
Downlaod AboutBuster from here, and also dont forget to read the instructions there!!!!
*www.besttechie.net/forums/index.php?showtopic=1488

Blue entrt above is the Alexa's "Related" Service, it's used by MSN, it is used to show the pages related to the ones u r currently visitng, this doesnt collect info abt ur page until unless u click "Show Related" in IE. Also, there is a possibility that, when IE is upgraded, this "Show Related" of Alexa get's vanished and only file remain, so in this case SpyBot doesnt show Alexa in it's scan report.

After running SpyBot and AboutBuster, run CleanUp! and then scan with HijackThis, and see that red entries still remain, if yes, post it here.....

the link is corrupt ........

enoonmai · Mar 4, 2005

The link is working perfectly, check it again.

bharathbala2003 · Mar 4, 2005

@enoonmai.. the link is working perfectly for me also.. but once u download the file.. it doesn open it says corrupt.. thats wat he meant.. i also downloaded it from another source thro google.. but same result.. it downloads.. then it doesn open.. try it out..

enoonmai · Mar 4, 2005

I just downloaded the file from here:

*www.malwarebytes.biz/AboutBuster.zip

The last link on that page. Snapfiles.com and it works perfectly. No problems here. Anyway I've posted the direct download link. Try it out.

bharathbala2003 · Mar 4, 2005

@enoonmai.. same prob.. after downloadin the zip of 64KB.. when i open the .exe in the zip it says database corrupt..

virus?

Technomancer

Just Do It

why need title?

Technomancer

Just Do It

why need title?

Technomancer

why need title?

Technomancer

why need title?

Technomancer

why need title?

Just Do It

Technomancer

Journeyman

Just Do It

Cyborg Agent

why need title?

Cyborg Agent

why need title?