
Help with firewall, ports, protocols




  #1  
Old 31st Dec 2007, 17:30
Member Group
 
My current computer is a Dell OptiPlex GX1 (it's old) and I just got the below instructions, but I got no idea how to do any of these on my computer (I don't know much about computers). I got no idea if I have a firewall, and if I do I don't know what type, and I don't know how to configure the protocols and ports.

Can someone PLEASE help me with the following instructions -

please check that you have configured any firewall software such as Norton, Mcafee or Windows firewall to allow the software access to the Internet. This is usually done through settings/configuration under their allowed programs list. For more information on how to do this please refer to the firewall provider's user manual or your system administrator. The same would apply if you are going through a proxy server.

For more complicated proxy servers/firewalls you need to configure the exact ports and protocols allowed. Our download software uses these protocols (HTTP, HTTPS, TCP) and ports (TCP):

5700-5710, 5720-5724, 5750-5759, and 5760-5769


Thanks a lot for any help
  #2  
Old 31st Dec 2007, 17:37
Member Group
 
Also I need help with this -

if you have any proxy server settings in Internet Explorer, it must be removed before our Windows client can be used

Sorry if these are dumb questions but I have no idea

Thanks again
  #3  
Old 31st Dec 2007, 17:55
Moderator Group
 
Let's do this.

What OS do you have? Vista?

Download and install HijackThis (HJT)

This is so we can see exactly what all is running on the computer and give better advice as to what else might be needed.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • From the desktop open HijackThis.
  • Click on the Do a system scan and save a log file button.
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the log in your post.
__________________

  #4  
Old 31st Dec 2007, 18:29
Member Group
 
here you go and thanks for the help-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:59 PM, on 1/01/2008
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {B066FDAA-D964-6B50-0E48-EFEB695B1685} - defect08.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\System32\effqt.dll (file missing)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {47B83D78-F986-4E96-9769-2C55EF14DA0B} - C:\WINNT\System32\__c0036DA0.dat (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\System32\effqt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [teqq32] pizda.exe
O4 - HKLM\..\Run: [TorontoMail] avpmondll.exe
O4 - HKLM\..\Run: [svchost] c:\windows\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dmnhl.exe] C:\WINNT\System32\dmnhl.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [sysconf16] abrek.exe
O4 - HKCU\..\Run: [utsgmon] runload32.exe
O4 - HKCU\..\Run: [CToolBar] systemdll.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - C:\Program Files\dreampokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O20 - AppInit_DLLs: C:\WINNT\System32\__c00D3781.dat
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Internet - Unknown owner - C:\Program Files\Windows NT\lsass.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\System32\msasvc.exe (file missing)

--
End of file - 7662 bytes
  #5  
Old 31st Dec 2007, 18:42
Member Group
 
here you go and thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:28 PM, on 1/01/2008
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  #6  
Old 31st Dec 2007, 18:43
Member Group
 
  #7  
Old 31st Dec 2007, 19:50
Moderator Group
 
Actually I am glad we did the Hijackthis log.

The computer is BADLY infected with malware and needs to be cleaned.

Let's start by uninstalling some things that are going to be nothing but problems for you.

Go to add/remove programs and look for these items and uninstall them. If they are not there then we will have to remove them manually. They may not uninstall either, but we will deal with them.

Look for and uninstall:
Bearshare << Any variation you see uninstall.
SearchToolbar << May have another name, but look for unknown Toolbars and uninstall them.
IntCodec or Media Codec
Repair Registry Pro

---------------

Enable the viewing of Hidden files.
  1. Close all programs so that you are at your desktop.
  2. Double-click on the My Computer icon.
  3. Select the Tools menu and click Folder Options.
  4. After the new window appears select the View tab.
  5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  8. Press the Apply button and then the OK button and shutdown My Computer.
  9. Now your computer is configured to show all hidden files.
We will need this for deleting files later.

---------------

On the keyboard press ctrl + alt + delete (all at the same time)

When Task Manager comes up:

Click the Applications tab

To quit a program, click the program that you want to quit, and then click End Task.

Choose End Task for these programs:
pizda.exe
avpmondll.exe
svchost.exe
dmnhl.exe
UnSpyPC.exe
isamonitor.exe

---------------

Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find this service:
Microsoft authenticate service (MsaSvc)
Click once on the service to highlight it.
Click Stop

Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.

---------------

Next

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts.
If a warning appears from your script blocking service, please click to allow the tool to run.
You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Do a system scan only, and place a check next to the following items (if they appear):

If HijackThis does not launch then launch it yourself.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {B066FDAA-D964-6B50-0E48-EFEB695B1685} - defect08.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\System32\effqt.dll (file missing)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {47B83D78-F986-4E96-9769-2C55EF14DA0B} - C:\WINNT\System32\__c0036DA0.dat (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\System32\effqt.dll (file missing)
O4 - HKLM\..\Run: [teqq32] pizda.exe
O4 - HKLM\..\Run: [TorontoMail] avpmondll.exe
O4 - HKLM\..\Run: [svchost] c:\windows\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [dmnhl.exe] C:\WINNT\System32\dmnhl.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Dream Poker - {D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} - C:\Program Files\dreampokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - (no file)
O23 - Service: Internet - Unknown owner - C:\Program Files\Windows NT\lsass.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\System32\msasvc.exe (file missing)


Then click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.


You may have Internet connection problems associated with WareOut. Note that not all systems even have these settings, while some connection services will require them.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
If you continue to have connection problems, check with your internet service provider for the proper DNS settings.
---------------

Double-click on the My Computer icon to get to the C:\ drive and locate these Files and Folders to delete them.

c:\windows\system32\drivers\svchost.exe
C:\WINNT\System32\dmnhl.exe
C:\Program Files\UnSpyPC\UnSpyPC.exe

---------------

Download and Install CCleaner (Crap Cleaner)

Be sure to un-check the Install Yahoo! Toolbar button during installation to avoid the unnecessary installation of the Yahoo! Toolbar.

Before first use, check under Options, Advanced, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.
A pop up box will appear advising this process will permanently delete files from your system.
Then click the "Run Cleaner" button and it will scan and clean your system.

---------------

Next post please add the Fixwareout log and run a new HijackThis scan and post that log also.
__________________
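
The kind of reading applied to the HijackThis log in the post above can be partly expressed as rules. The following Python example is added here and is not part of the original thread or of HijackThis; the rule names, the `KNOWN_BARE` allowlist and the `system_dir` default are assumptions, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules, usable on any OS

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\System32\effqt.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [teqq32] pizda.exe
O4 - HKLM\..\Run: [svchost] c:\windows\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [internat.exe] internat.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Internet - Unknown owner - C:\Program Files\Windows NT\lsass.exe (file missing)
"""

# Assumption: Windows components that normally register autoruns by bare name.
KNOWN_BARE = {"mobsync.exe", "internat.exe"}
# Process names the log's "Running processes" list shows under the system folder.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")                      # "O4 - rest of line"
EXE = re.compile(r'"?([^"]+?\.(?:exe|dll|ocx|dat))\b', re.I)    # leading file path


def target_of(code, body):
    """Return the file an entry points at, or None if it names no file."""
    if code == "O4":                      # O4 - <key>: [name] command line
        cmd = body.split("] ", 1)[-1]
    else:                                 # other sections end in " - <path>"
        cmd = body.rsplit(" - ", 1)[-1]
    m = EXE.match(cmd)
    return m.group(1) if m else None


def triage(log_text, system_dir=r"C:\WINNT\system32"):
    """Return (section, target, reasons) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                      # header, process list, blank line
        code, body = m.groups()
        target = target_of(code, body)
        reasons = []
        # Registration left behind after its file was deleted or never written.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("file-missing")
        if target:
            name, folder = basename(target).lower(), dirname(target).lower()
            # Autorun that relies on the search path instead of a full path.
            if code == "O4" and not folder and name not in KNOWN_BARE:
                reasons.append("bare-autorun")
            # File borrowing a system process name from another folder.
            if name in SYSTEM_NAMES and folder != system_dir.lower():
                reasons.append("system-name-wrong-dir")
        # Service binary with no vendor information.
        if code == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")
        if reasons:
            findings.append((code, target or body, reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {target}  <- {', '.join(reasons)}")
```

Rules like these only shorten the list to review: an entry such as `C:\WINNT\System32\dmnhl.exe`, which has a full path inside the system folder, passes all four and is caught in the post above only because the helper recognises it.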

  #8  
Old 31st Dec 2007, 20:30
Member Group
 
Most of them instructions you gave me I can't even do on my computer, the instructions must be for other computers, I don't know.

I'm going to be getting a new computer in about 2 weeks, I'm looking at Dell. Is it possible to skip those instructions you gave me and just help me with the info in my first post, because I need that done pretty much ASAP, or do we need to do the things you told me?

I can put up with my crappy computer for the next 2 weeks, so it doesn't bother me if it's infected with just about everything, because it's good enough for the moment anyway.
  #9  
Old 31st Dec 2007, 20:39
Moderator Group
 
The thing is that the service pack is years out of date also, so until everything is taken care of, a firewall doesn't make much difference.

Let's do this instead.

Run the CCleaner program from the last post then install and run SAS.

Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • Next click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check C:\Fixed Drive
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and then paste the log in your post.
After the SAS is done, run a new HijackThis scan and post the log.
__________________

  #10  
Old 1st Jan 2008, 00:20
Member Group
 
took a while but here it is

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2008 at 06:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 02:18:01

Memory items scanned : 272
Memory threats detected : 0
Registry items scanned : 4105
Registry threats detected : 213
File items scanned : 17452
File threats detected : 8

Trojan.SafeSearch
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32

Adware.SBSoft
HKLM\Software\Classes\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\Implemented Categories
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\InprocServer32
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\InprocServer32#ThreadingModel
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\ProgID
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\Programmable
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\TypeLib
HKCR\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E}\VersionIndependentProgID
C:\WINNT\SYSTEM32\EFFQT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKCR\ToolBand.ToolBandObj.1
HKCR\ToolBand.ToolBandObj
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKU\S-1-5-21-1960408961-436374069-1343024091-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{08BEC6AA-49FC-4379-3587-4B21E286C19E}
HKU\S-1-5-21-1960408961-436374069-1343024091-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{08BEC6AA-49FC-4379-3587-4B21E286C19E}

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}
HKCR\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}
HKCR\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}#xxx
HKCR\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}\InprocServer32
HKCR\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C3C4699-B285-475F-BE47-0B26088CE876}

Unclassified.Unknown Origin

Parasite.WareOut

Adware.Avenue Media/Internet Optimizer
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKU\S-1-5-21-1960408961-436374069-1343024091-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Adware.IST/YourSiteBar

Registry Cleaner Trial
HKU\S-1-5-21-1960408961-436374069-1343024091-1000\Software\Registry Cleaner

Trojan.Unknown Origin

Malware.AlertSpy
HKLM\Software\Mandel Enterprises

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1960408961-436374069-1343024091-1000\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.ErrorSafe

Copyright ©2006 - 2009 Computer Juice.
