
Please Help -it Started W/ Trojaner.download


  • This topic is locked
9 replies to this topic

#1 mp3god


Posted 13 November 2005 - 03:33 PM

I'm trying to help a friend who got an alert from NAV2005 that his box was infected w/ the Trojaner.download virus. The file it showed was c:\windows\system32\ssttss.dll

I stumbled across your site after my own attempts to remove the tool failed
(symantec removal tool, and booting to safemode to delete manually)

I tried piecing together info from other posts to tackle the issue but had little luck. Here are a few of the problems I have been encountering:

1. Safemode: will not go into safemode w/ F8; when I use the msconfig utility all I get is a black screen, the shell fails to load. I can launch the taskmgr to execute programs, just not explorer.exe

2. Tried using Killbox and HJT in safemode but it was unable to delete anything. I used examples from other posts to discern which items to remove.

---------------------------------------------------------------
------I have killbox, HJT, and ccCleaner ready to use
----------------------------------------------------------------

Here is the HJT log run in 'safemode':

Logfile of HijackThis v1.99.1
Scan saved at 1:08:39 PM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Devo\LOCALS~1\Temp\Rar$EX10.649\KillBox.exe
C:\Documents and Settings\Devo\Desktop\Pauls itch\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Startup: taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130888606253
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: DeepSight Extractor CC Service (ccExtractorService) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanks in advance! I will try to get my buddy to make a donation to whoever can help me get rid of this for him; unfortunately for him, my friend is a complete novice.


 


#2 -David-


Posted 13 November 2005 - 05:04 PM

Hi and Welcome to bleeping computer!!

My name is David

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :thumbsup:

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :flowers:
David

#3 mp3god


Posted 14 November 2005 - 04:44 PM

Hello D-

Here is the ewido log----------------------------------------
------------------------------------------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:22:33 PM, 11/14/2005
+ Report-Checksum: 5FBE3F41

+ Scan result:

HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-3719021225-389045455-511977978-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@ads49.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@chicagosuntimes.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz11.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz5.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz7.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@free.wegcash[1].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@msnportal.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@vip2.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@www.belstat[3].txt -> Spyware.Cookie.Belstat : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch jr@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@com[3].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@track-star[1].txt -> Spyware.Cookie.Track-star : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Paul Rauch Jr\Cookies\paul rauch@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiuicpsepaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkkjh.dll -> Spyware.Virtumonde : Cleaned with backup


::Report End

------------------------------------------------------------------------------------------------
the new hjt log--------------------------------------------
--------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:24:35 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Paul Rauch Jr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/d...36&dtag=465sf61
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided By Rauch CLay Sales Corp
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstts.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\jkkjh.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126129149453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



I humbly await your reply

Thanks again!!

#4 -David-


Posted 14 November 2005 - 04:56 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#5 mp3god


Posted 14 November 2005 - 08:04 PM

Hi David; here are the new logs; btw my name is Devon and I really appreciate your help (so does my friend Paul)

********
4:46 PM: | Start of Session, Monday, November 14, 2005 |
4:46 PM: Spy Sweeper started
4:46 PM: Sweep initiated using definitions version 572
4:46 PM: Starting Memory Sweep
4:46 PM: Warning: Failed to load image: C:\WINDOWS\system32\sstts.dll
4:47 PM: Found Adware: virtumonde
4:48 PM: Detected running threat: C:\WINDOWS\SYSTEM32\jkkjh.dll (ID = 77)
4:54 PM: Memory Sweep Complete, Elapsed Time: 00:08:51
4:54 PM: Starting Registry Sweep
4:56 PM: Found Adware: powerscan
4:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
4:56 PM: Found Adware: surfsidekick
4:56 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
4:56 PM: Found Adware: quicklink search toolbar
4:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
4:56 PM: Found Adware: dealhelper
4:56 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
4:56 PM: Found Adware: ezula ilookup
4:56 PM: HKLM\software\microsoft\webext\ (34 subtraces) (ID = 828947)
4:56 PM: Found Trojan Horse: trojan-downloader-conhook
4:56 PM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
4:56 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
4:56 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
4:57 PM: Registry Sweep Complete, Elapsed Time:00:02:33
4:57 PM: Starting Cookie Sweep
4:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:37
4:58 PM: Starting File Sweep
4:58 PM: Found Trojan Horse: 2nd-thought
4:58 PM: c:\windows\system32\newmsrdk (ID = -2147481534)
4:58 PM: c:\windows\system32\dealhelper (ID = -2147481148)
4:59 PM: uorlymu3.xml (ID = 57652)
5:03 PM: Found Adware: apropos
5:03 PM: wingenerics.dll (ID = 50187)
5:03 PM: hvhsejk1.xml (ID = 57647)
5:04 PM: uorlymk2.xml (ID = 57648)
5:04 PM: hvhsejk2.xml (ID = 57648)
5:05 PM: bho.dll (ID = 167068)
5:09 PM: gkehlmu3.xml (ID = 57652)
5:09 PM: gkehlmk1.xml (ID = 57647)
5:10 PM: hvhseju.xml (ID = 57649)
5:10 PM: gkehlmu.xml (ID = 57649)
5:11 PM: uorlymu1.xml (ID = 57650)
5:11 PM: uorlymk1.xml (ID = 57647)
5:11 PM: uorlymu2.xml (ID = 57651)
5:11 PM: gkehlmk.xml (ID = 57646)
5:11 PM: uorlymu.xml (ID = 57649)
5:11 PM: uorlymk.xml (ID = 57646)
5:11 PM: gkehlmk2.xml (ID = 57648)
5:11 PM: hvhsejk.xml (ID = 57646)
5:12 PM: Found Adware: ist yoursitebar
5:12 PM: mp3.exe (ID = 131722)
5:12 PM: mp3.exe (ID = 131722)
5:13 PM: hvhseju1.xml (ID = 57650)
5:13 PM: hvhseju2.xml (ID = 57651)
5:13 PM: gkehlmu1.xml (ID = 57650)
5:13 PM: gkehlmu2.xml (ID = 57651)
5:13 PM: gkehlmdk.xml (ID = 57645)
5:13 PM: hvhsejdk.xml (ID = 57645)
5:13 PM: newuorlymtime.xml (ID = 163168)
5:13 PM: uorlymdk.xml (ID = 57645)
5:13 PM: newgkehlmtime.xml (ID = 163168)
5:14 PM: File Sweep Complete, Elapsed Time: 00:16:06
5:14 PM: Full Sweep has completed. Elapsed time 00:28:15
5:14 PM: Traces Found: 241
5:16 PM: Removal process initiated
5:17 PM: Quarantining All Traces: 2nd-thought
5:17 PM: Quarantining All Traces: surfsidekick
5:17 PM: Quarantining All Traces: virtumonde
5:18 PM: virtumonde is in use. It will be removed on reboot.
5:18 PM: C:\WINDOWS\SYSTEM32\jkkjh.dll is in use. It will be removed on reboot.
5:18 PM: Quarantining All Traces: apropos
5:18 PM: apropos is in use. It will be removed on reboot.
5:18 PM: wingenerics.dll is in use. It will be removed on reboot.
5:18 PM: Quarantining All Traces: trojan-downloader-conhook
5:18 PM: Quarantining All Traces: dealhelper
5:19 PM: Quarantining All Traces: ezula ilookup
5:19 PM: Quarantining All Traces: ist yoursitebar
5:19 PM: Quarantining All Traces: powerscan
5:19 PM: Quarantining All Traces: quicklink search toolbar
5:20 PM: Removal process completed. Elapsed time 00:04:29
********
4:43 PM: | Start of Session, Monday, November 14, 2005 |
4:43 PM: Spy Sweeper started
4:45 PM: Your spyware definitions have been updated.
4:46 PM: | End of Session, Monday, November 14, 2005 |
---------------------------------------------------------------------------------------------------------------------

and the post-reboot HJT log
---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:31:27 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paul Rauch Jr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/d...36&dtag=465sf61
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided By Rauch CLay Sales Corp
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstts.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126129149453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



I can see we are making progress. Thanks for the help.

#6 -David-

Posted 15 November 2005 - 12:01 PM

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was.
_____________________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstts.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll

_____________________

Boot into Safe Mode

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\sstts.dll
_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)
_____________________

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
_____________________

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

Empty the Recycle Bin.
_____________________

Reboot to normal mode and post a new HJT log
David
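
The following Python is an added example, not part of the thread and not HijackThis's own logic: it parses entry lines copied from the two HijackThis logs in this thread, flags the registrations the fix list above targets, and checks a follow-up log for them, allowing for a log that is cut short. The three triage heuristics and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed inputs: entry lines copied from the HijackThis logs in this thread.
# AFTER stops at the O4 section, like a follow-up log pasted only in part.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""
# The four entries the post above says to tick before "fix checked".
FIX = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstts.dll",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll",
]

SECTIONS = "RFNO"  # HijackThis section letters, in the order they appear in a log
ENTRY_RE = re.compile(r"^([RFNO])(\d+) - (.+)$")


def parse(log_text):
    """Return [(code, body)] for each entry line, e.g. ('O2', 'BHO: ...')."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1) + m.group(2), m.group(3)))
    return entries


def rank(code):
    """Sort key that follows the section order of a HijackThis log."""
    return (SECTIONS.index(code[0]), int(code[1:]))


def triage(entries):
    """Flag entries by three heuristics (assumptions of this example)."""
    loaders = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for code, body in entries:
        if code == "O2" or (code == "O20" and body.startswith("Winlogon Notify:")):
            # Windows paths are case-insensitive: system32 and SYSTEM32 are one file.
            loaders[body.rsplit(" - ", 1)[-1].lower()].add(code)
    flagged = {}
    for code, body in entries:
        line = f"{code} - {body}"
        target = body.rsplit(" - ", 1)[-1].lower()
        if loaders.get(target) == {"O2", "O20"}:
            flagged[line] = "same DLL is both a BHO and a Winlogon Notify package"
        elif "(no file)" in body:
            flagged[line] = "registration left behind with no file"
        elif code == "R3" and "is missing" in body:
            flagged[line] = "default URLSearchHook is missing"
    return flagged


def verify(fix_lines, later_entries):
    """Status of each fixed line in a later log, tolerating a truncated paste."""
    present = {f"{c} - {b}".lower() for c, b in later_entries}
    last = max((rank(c) for c, _ in later_entries), default=(-1, -1))
    status = {}
    for line in fix_lines:
        code = line.split(" - ", 1)[0]
        if line.lower() in present:
            status[line] = "still present"
        elif rank(code) > last:
            status[line] = "not covered"  # log ends before this section
        else:
            status[line] = "removed"
    return status


if __name__ == "__main__":
    for line, reason in triage(parse(BEFORE)).items():
        print(f"FLAG  {reason}\n      {line}")
    for line, state in verify(FIX, parse(AFTER)).items():
        print(f"{state:<13} {line}")
```

An entry reported as "not covered" has to be re-checked against a complete log before the cleanup is treated as finished.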

#7 mp3god

Posted 15 November 2005 - 05:25 PM

Here is the new log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:09:59 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Paul Rauch Jr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/d...36&dtag=465sf61
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided By Rauch CLay Sales Corp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126129149453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Trend Micro and BitDefender are also not showing any infections.

Could it be that this is finally done?

#8 -David-

Posted 16 November 2005 - 11:54 AM

Clean Log!!
How's everything running? :up: or :down: ?

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

How's everything running? :up: or :down: ?

#9 mp3god

Posted 16 November 2005 - 02:31 PM

Everything seems to be running better. I have left a message for my friend to get back to me to set the restore point and find out for sure how the PC is running, but last night it seemed to be in a lot better shape!

-Devon

#10 -David-

Posted 17 November 2005 - 01:01 PM

:thumbsup:

David

Due to the fact that this topic has thankfully been resolved, I will close this thread. :flowers:

If you want the thread to be re-opened at any point, please PM me or any other staff with a link to it!

If anyone else is reading this with a similar problem that you would like help with, please post it in a new thread in the security section!


:trumpet: David :inlove:



