Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfix2006 Problem - Here Is Hijack Log


  • This topic is locked This topic is locked
6 replies to this topic

#1 redhead71

redhead71

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Location:Michigan
  • Local time:09:36 PM

Posted 29 January 2006 - 09:31 PM

I have completed all the steps in the "preparation guide for use before posting a hijack log". It did not kill my winfix problem. I also tried to download vundofix and virtumundobegone and every time I try to download those files ie shuts down completely.

Do you think if I can download those from work and burn them to a cd - or have someone email them I can use it???

Be gentle with me - i am not very savvy and i don't know lots of computer terms....here is my hijack log....

If it means anything - I have gotten several "sharing violations" right before the blue screen of death" related to "kernel32.dll

I also have a file in c:/windows/system/awvvw.dll which mcaffee said might be a problem - but I cannot delete the file.

I also started having a problem when I start up my computer it says windowns cannot replace a file or something like that and I have to hit enter to continue....

I am certain these are all related to the winfix crap - I did not have any of these problems until that started about 2 weeks ago....

Thanks anyone who is willing to help

Logfile of HijackThis v1.99.1
Scan saved at 9:26:58 PM, on 1/29/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\SYSTEM\DDABX.DLL
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\SYSTEM\AWVVW.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKLM\..\RunOnce: [*AWVVW] rundll32.exe C:\WINDOWS\SYSTEM\AWVVW.DLL,CreateProtectProc rerun
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail....com/iNotes.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:36 PM

Posted 04 February 2006 - 10:08 AM

Hello redhead71 and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Since you are having problems downloading the vundo fix utilities let's try removing the files manually in DOS (that's what's nice about Win98). Please print these directions and then proceed with the following steps in order.

Step #1

Reboot the computer and start tapping the F8 key to bring up the boot menu. Choose Command Prompt Only from the selections to boot to DOS.

Step #2

You should now be at the c:\ prompt in a DOS window. Type the following commands exactly as they appear and press the Enter key after each command:cd\windows\system
attrib dbabx.dll -s -h -r
attrib xbabd.* -s -h -r
attrib awvvw.dll -s -h -r
attrib wvvwa.* -s -h -r
del dbabx.dll
del xbabd.*
del awvvw.dll
del wvvwa.*

Now reboot the computer normally back into Windows. You may receive a message regarding the system not being able to find some of the files that we just deleted. That is normally and you can ignore the messages.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\SYSTEM\DDABX.DLL
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\SYSTEM\AWVVW.DLL
O4 - HKLM\..\RunOnce: [*AWVVW] rundll32.exe C:\WINDOWS\SYSTEM\AWVVW.DLL,CreateProtectProc rerun
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O13 - DefaultPrefix:
O13 - WWW Prefix:

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

Download CCleaner and install it. Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Reboot normally and run at least 2 of the following on-line virus scans:Bitdefender <<<Add a check by 'Autoclean'.
RAV <<<Add a check by 'Autoclean', leave everything else as is.
eTrust <<<'Cure' whatever is found, then delete if unsuccessful
Housecall <<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #6

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #7

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 redhead71

redhead71
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Location:Michigan
  • Local time:09:36 PM

Posted 04 February 2006 - 02:26 PM

OldTimer - so glad to get your message and thanks for the detailed instructions.

I will start on this right away!!! I am excited to wrestle control of my computer away from this thing!!! Thanks for your help.... :thumbsup:

#4 redhead71

redhead71
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Location:Michigan
  • Local time:09:36 PM

Posted 04 February 2006 - 09:57 PM

OK - I have completed all the steps :thumbsup: ...

Crossing my fingers, toes and anything else hoping this vundo is gone...

I went into DOS and typed in the information - it deleted the awvvw.dll and wvvwa files - the other two were not found.

I then did the hijack this scan and fixed checked items - only one of the ones on the list in your message was not there (can't remember which one for sure but I think it was the 04.....runonce etc)

I installed the CCleaner - rebooted and then did the bitdefender.

Tried RAV but it was not available from the link in the message

I did the Panda Activescan and it found some things but would not delete them unless I paid for the Panda firwall and scan software - which I am already running McAfee so i figured I would leave that alone.

I did the eTrust.

I then did the ad-aware which I had installed last week before to prepare for the hijack log. I did an update to make sure it was the latest and greatest. It found a bunch of stuff which I deleted. It did freeze at the end when it was deleting - but seemed like it had finished.

I also ran my spybot for good measure and immunized and then ran the spyblaster and activated protection for internet explorer and restricted sites (not sure what that does but it sound good :flowers: )

Then I shut everything down - restarted and ran hijackthis - here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:56 PM, on 2/4/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {6BF52A52-394A-11D3-B153-00C04F79FAA6} (Windows Media Player 7) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail....com/iNotes.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab


I am exhausted :huh:

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:36 PM

Posted 05 February 2006 - 09:29 AM

Congratulations redhead71, your log is clean! You did an excellent job :thumbsup:

The real test is, how are things running? Any more popups or issues with WinFixer and Vundo?

Thanks for letting me know about RAV's online scan. I went to the site and see that it is now shut down.

Now that you are clean, to help protect your computer in the future I recommend the following free programs (it sounds like you might have most of them already but it's always good to review occasionally):
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You already have a good firewall and a good antivirus application intalled and running. It is important to have both to protect your system, and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 redhead71

redhead71
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Location:Michigan
  • Local time:09:36 PM

Posted 05 February 2006 - 02:15 PM

THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!!

I can't believe how much faster my computer is running now - and I feel so CLEAN!!! I went and did the windows update - first installed IE6.0 which made it all EVEN FASTER!!!! And then did the other windows updates. I had 25 of them :huh: looked at that stuff before and was too afraid to do the updates and figured I might hurt the computer - now I am almost FEARLESS :thumbsup:

OK - I know I sound like a nut but I am so excited to get this fixed - it was really starting to be a problem with getting work done for work - so i had to stay in the office much later to make sure everything got done - which is not fun at all...

Anyway - I have the spyblaster running and I put the Spywareguard on. The IESpyAd redirected me to another website: http://www.spywarewarrior.com/uiuc/resource.htm Not sure if I should trust it or not since it has a whole different software name and all....

Noticed you are not far from us - did you get a lot of snow in Holland?? That is a nice area - my husband I used to live in Kzoo before we moved back to this side of the state - had to drive up to Holland for a couple of classes - always used to go to this pizza place after class that had all these fish tanks - can't remember the name but it was great pizza!!!

Anyway - stay warm :flowers: and enjoy the superbowl if that is your cuppa tea :huh:

Thanks again for your help!!!

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:36 PM

Posted 06 February 2006 - 05:18 PM

Hi redhead71, you are very welcome. Glad to hear that things are running better. It appears that Eric has moved his site to Spyware Warrior so that is safe if you want to use his IE-SPYAD list. I have it installed and update it every couple of months and it is great for blocking ads (even those that appear on most web pages). I have updated my links to reflect the new location. Thanks for the info.

I can't think of any pizza places with fish tanks. IMHO the best pizza is Fricano's but Skiles, Salad Bowl and Village Inn also make a terrific pie (we're so lucky here). If you haven't been around for a while the downtown has changed quite a bit. There's a great Irish pub and a couple of new micro-breweries that have great food and suds. Come on down, we're always happy to have visitors in Holland!

I did watch the Super Bowl. I'm a Steelers fan from way back (don't ask me why I just always liked them). I was glad to see them win and was thrilled for "The Bus". What a way to end a career!

Anyway, now that your malware issues have been resolved I will close this topic. If you have any new issues in the future then please start a new topic. And don't be a stranger around the forums.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users