05-05-2005, 10:02 PM   #7
swatkat

Download CCleaner, AdAware, SpyBot SnD, TrojanHunter Trial and SpywareBlaster.

Boot in safe mode.
Go to Control Panel > Add/Remove Programs, and uninstall these tools if you find them:-
1] NavPoint ToolBar or NavExcel Toolbar or NavHelper
2] ISTBar
3] WindUpdates or MediaAccess
4] New.Net or New Dot Net
5] P2P Networking
6] 180 Search Assistant
7] EBates MoneyMaker
8] Altnet Points Manager
9] Internet Optimizer
10] Kazaa (it's better to uninstall this)

Then run HijackThis and click "Do only a system scan". Then put a check mark against the below entries:-
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll

O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\system32\saristar.dll

O4 - HKLM\..\Run: [ScanRegistry] C:\W

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [Ayi96aG] C:\WINDOWS\vtktard.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe

O4 - HKLM\..\Run: [ynqd] C:\WINDOWS\ynqd.exe

O4 - HKLM\..\Run: [Ã?³# Â*L"h'þ9Ӝð3rÃ…WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\vtktard.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing)(HKCU)

O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c293.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab

O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://H:\Interface\IntraLaunch.CAB

O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab


Close all other programs and click "Fix Checked" in HijackThis.


Exit from HijackThis and then delete these files:-
C:\Program Files\NewDotNet\newdotnet6_38.dll
C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
C:\WINDOWS\system32\saristar.dll
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\vtktard.exe
C:\Program Files\Media Access\MediaAccK.exe
c:\windows\180ax.exe
C:\WINDOWS\sixtypopsix.exe
C:\WINDOWS\ynqd.exe
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
c:\program files\altnet\points manager\points manager.exe
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\ISTsvc\istsvc.exe
H:\Interface\IntraLaunch.CAB
c:\w

And delete these Folders:-
C:\Program Files\NewDotNet
C:\PROGRA~1\INSTAF~1
C:\Program Files\NavExcel
C:\Program Files\ISTsvc
C:\Program Files\Media Access
C:\WINDOWS\system32\P2P Networking
c:\program files\altnet
C:\Program Files\Ebates_MoeMoneyMaker


Run these Tools:-
CCleaner --> Click "Options" button and here go to "Settings" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner"
AdAware --> Click "Scan Now" button in the left pane and select the radio button "Perform full system scan" and click "Start"
SpyBot SnD --> Go to "Mode" menu and click "Advanced". Then "Settings" tab in the left pane, and click "File Sets" and here select the file set named "Usage Tracking" and "Tracks.uti". Then click "SpyBot S&D" button in the left pane and click "Check For Problems"
TrojanHunter --> Select all the Hard Disk partitions and click "Full Scan"
SpywareBlaster --> Run it, and click "Enable All Protection".

Reboot to Normal Mode.

Go to Command Prompt and type this command netsh winsock reset and press ENTER.
Run HijackThis again, and post a fresh HijackThis log.

Kazaa is (in)famous for spyware; you can use a P2P tool like Shareaza, which is free of any spyware.
__________________
http://swatrant.blogspot.com/
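
The file list in the post above is worked out by hand from the checked HijackThis entries. As an added example (not part of swatkat's post and not HijackThis code), this sketch pulls the on-disk file out of each entry, coping with paths that contain spaces, `rundll32` wrappers, command-line switches and the `(file missing)` flag. The function names and the extension list are assumptions made for the example.

```python
import re

ENTRY = re.compile(r'^(O\d+) - (.*)$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Drive-letter path ending at the first known extension that is followed by
# a delimiter, so spaces inside the path survive and switches are dropped.
LOCAL_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|htm|cab)(?=$|[\s,"])', re.I)

# Sample lines copied from the HijackThis entries quoted in the post.
SAMPLE_LOG = r"""
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://H:\Interface\IntraLaunch.CAB
"""

def parse_entry(line):
    """Split one log line into section, CLSID, local file path and flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # For O4 the value name sits in [brackets]; only the command after it matters.
    command = body.split('] ', 1)[-1] if section == 'O4' else body
    clsid = CLSID.search(body)
    path = LOCAL_PATH.search(command)
    return {
        'section': section,
        'clsid': clsid.group(0).upper() if clsid else None,
        'path': path.group(0) if path else None,   # None for URLs and zone entries
        'missing': '(file missing)' in body,
    }

def file_checklist(log_text):
    """Local files referenced by the entries, de-duplicated case-insensitively."""
    seen, files = set(), []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry['path'] and entry['path'].lower() not in seen:
            seen.add(entry['path'].lower())
            files.append((entry['path'], entry['missing']))
    return files

if __name__ == '__main__':
    for path, missing in file_checklist(SAMPLE_LOG):
        print(('already missing: ' if missing else 'check on disk:   ') + path)
```

Entries that point only at a URL or a Trusted Zone domain yield no path, so they stay registry-only fixes rather than appearing in the file checklist.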