  #1  
Old 01-10-2006
tpearson
Bronze Member
Join Date: Jan 2006
Posts: 3
[Fixed] Multiple Pops and switch server error

I have been getting multiple pop-ups and server busy switch to different server pop-ups. I have been continually running ad-aware, spy-bot and Ewido software to clean up my system but nothing seems to help. Could you please look at my hijackthis.log to see what might help?

Thanks
Attached Files
File Type: log hijackthis.log (10.2 KB, 1 views)


  #2  
Old 01-10-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hi there T Pearson, welcome to PCHF.

You have indeed a bunch of nasty little buggers on there, let's first clean up the easy way a bit. When did you run Ewido last?

Please run a Panda ActiveScan here:

http://www.pandasoftware.com/products/activescan.htm

And save the log from it.

Then run Spysweeper:

Please download and install the trial version of Webroot SpySweeper (8.3mg)
http://www.webroot.com/shoppingcart/...011&vcode=DT02

When SpySweeper starts, please accept any prompts to update definitions.
Configure it as follows:

From the left pane, click Options
Select the Sweep Options tab & ensure the following are ticked:

*Sweep Memory
*Sweep Registry
*Sweep Cookies
*Sweep All Users accounts
*Do Not Sweep System Restore Folder
*Enable Direct Disk Sweeping
*Sweep contents of compressed files
*Sweep For Rootkits

-After that's done, select Sweep from the left pane & click on the Start button

Allow Spysweeper to reboot your machine to remove the infected files.
After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Then please post that log, the Panda log and a new hjt log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #3  
Old 01-11-2006
Bronze Member
 
Join Date: Jan 2006
Posts: 3
tpearson

I usually ran Ewido at least once a day, I was also running ad-aware and spy-bot too.

I followed your request and here are the 3 logs that you asked for.

Thanks,

T
Attached Files
File Type: txt Activescan.txt (20.8 KB, 1 views)
File Type: log hijackthis.log (10.8 KB, 1 views)
File Type: txt Spy Sweeper Session Log.txt (48.5 KB, 1 views)


  #4  
Old 01-11-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Let's have a go at cleaning that up.


Before fixing things with HijackThis Please Do the Following:


Show hidden files and folders:

For XP:
  1. On the Tools menu in Windows Explorer, click Folder Options.
  2. Click the View tab.
  3. Under Hidden files and folders, click Show hidden files and folders.
  4. If you see a warning message, click Yes.
  5. Click Apply.
  6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).

How to disable system restore:

WinXP.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.


Please download CCleaner


Then uninstall Viewpoint Toolbar in add/remove programs.


After that boot in safe mode and fix these with hjt:
O2 - BHO: (no name) - {1768B6BA-2E00-5684-2BB2-7395CCABDC9E} - C:\WINDOWS\System32\kuvrun.dll (file missing)
O2 - BHO: (no name) - {A12DC733-55AB-2E7F-879B-71A2A8F766B5} - C:\WINDOWS\System32\vla.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKCU\..\Run: [Uahe] "C:\Program Files\csaa\srai.exe" -vt ndrv
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
Then delete the files in bold if present, and run CCleaner. Also delete these files:

C:\WINDOWS\System32\kii.dll
C:\WINDOWS\inf\biU.inf
C:\WINDOWS\system32\??sembly\spoolsv.exe (you won't see question marks, but letters or numbers; if unsure, post what you find first)

And do you know what these two are from?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.34.1.5;
O17 - HKLM\System\CCS\Services\Tcpip\..\{4667A043-1022-4AE6-A1E6-32E2F48C0A16}: NameServer = 172.16.2.116

Also are you aware that there is a bunch of remote/VPN software running on your PC?
If you use them yourself then it is OK, but it could also mean that someone else uses them to control your PC.

PLSRemote Service
DameWare Mini Remote Control
iSeries Access for Windows Remote Command
Cisco Systems, Inc. VPN Service
pcAnywhere Host Service

Please post a new hjt log when done.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
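
As an added example (not part of the original thread and not HijackThis's own code), the Python sketch below parses a few of the log lines quoted in the post above, flags Browser Helper Objects whose DLL is reported missing, and checks the addresses in the R1 and O17 entries against private address space. The function names and finding texts are assumptions of the example.

```python
import ipaddress
import re

# Lines copied from the log excerpt above (stray space in the R1 key repaired).
SAMPLE = r"""
O2 - BHO: (no name) - {1768B6BA-2E00-5684-2BB2-7395CCABDC9E} - C:\WINDOWS\System32\kuvrun.dll (file missing)
O4 - HKCU\..\Run: [Uahe] "C:\Program Files\csaa\srai.exe" -vt ndrv
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.34.1.5;
O17 - HKLM\System\CCS\Services\Tcpip\..\{4667A043-1022-4AE6-A1E6-32E2F48C0A16}: NameServer = 172.16.2.116
""".strip().splitlines()

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # section code, then the entry
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # dotted-quad candidates

def ip_scope(text):
    """Map each IPv4 literal in text to 'private' or 'public'."""
    scopes = {}
    for raw in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:          # e.g. an octet above 255
            continue
        # The RFC 1918 block 172.16.0.0/12 ends at 172.31.255.255,
        # so not every 172.x.x.x address is private.
        scopes[raw] = "private" if addr.is_private else "public"
    return scopes

def triage(lines):
    """Return [(section_code, [findings])] for every recognised log entry."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue                # header or other non-entry line
        code, body = m.groups()
        notes = []
        if code == "O2" and body.endswith("(file missing)"):
            notes.append("orphaned BHO: DLL no longer on disk")
        if code in ("R1", "O17"):   # proxy and DNS settings carry addresses
            for ip, scope in ip_scope(body).items():
                notes.append(f"{ip} is {scope} address space")
        results.append((code, notes))
    return results

if __name__ == "__main__":
    for code, notes in triage(SAMPLE):
        print(code, notes or "no automatic finding")
```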

  #5  
Old 01-12-2006
Bronze Member
 
Join Date: Jan 2006
Posts: 3
tpearson

Things seem to be running smoother. The remote/vpn software is installed because I use this pc to access our network where I work at, that is also why you see the 172.x.x.x subnet items.

Here is the latest log after running the fixes and cleanup.

Thanks,

T
Attached Files
File Type: log hijackthis.log (10.9 KB, 1 views)


  #6  
Old 01-12-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Looking good, I see no more problems. :smiley:

Only I would disable the Windows Messenger service:

Please download Shoot The Messenger

Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state, running or disabled, that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.

Also I would recommend to update Windows, but other than that it looks good from here.

Do you still have any problems?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

