
Any Help Please...hjt Log


  • This topic is locked
7 replies to this topic

#1 spagtscully

spagtscully

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:Colorado
  • Local time:06:42 AM

Posted 31 March 2006 - 03:19 AM

I'm a little freaked out because, logically, my computer should not be infected. I haven't downloaded any files or anything. I wasn't even doing anything on it when it started to just install programs. So, any help in fixing this will be highly appreciated! Ran a few things already but I'm still getting popups and virus/trojan warnings! I know there are a few things on this log that are not supposed to be there. I'm gonna keep running adaware again until it comes out clean.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:12:28 AM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
D:\my documents D\programs\misc programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125522066517
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141541192240
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C62878-0583-405A-B652-4768CE3B2818}: NameServer = 208.39.158.2,64.56.37.246
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --pm 1 (file missing)
O23 - Service: GridIron XLR8 Peer Manager (XLR8) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --sm (file missing)
O23 - Service: GridIron XLR8 Peer #1 (XLR8PEER1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --pm 1 (file missing)


#2 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  • Location:127.0.0.1
  • Local time:08:42 PM

Posted 31 March 2006 - 03:29 AM

Please follow the instructions provided, you may want to print out these instructions and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

===================================================

Download ATF Cleaner to your Desktop. We will use this later.

===================================================

Download CWShredder
  • Save it to its own folder.
  • Open CWShredder.
  • Click I Agree.
  • Click Check For Update.
  • Close CWShredder.
===================================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com


After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

===================================================

Boot into Safe Mode. Please restart your computer and as soon as it starts to boot, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)

===================================================

Run CWShredder
  • Open CWShredder.
  • Click I Agree.
  • Click Fix.
  • Click Next (let it fix everything it asks about).
  • Reboot afterwards.
===================================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

===================================================

Restart your computer

===================================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Save the log file created to your Desktop.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

===================================================

Just a review of the log(s) we need to see on your next reply:
  • HijackThis (new)
  • Panda
Please also provide details of any problems you encountered while performing the above steps and update us on how the computer behaves now.
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.


#3 spagtscully

spagtscully
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:Colorado
  • Local time:06:42 AM

Posted 31 March 2006 - 09:46 PM

Thank you for the help here. I didn't have any real problems with the programs and directions you gave so far. Ok, here are the logs you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 7:43:13 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\my documents D\programs\misc programs\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125522066517
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141541192240
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C62878-0583-405A-B652-4768CE3B2818}: NameServer = 208.39.158.2,64.56.37.246
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --pm 1 (file missing)
O23 - Service: GridIron XLR8 Peer Manager (XLR8) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --sm (file missing)
O23 - Service: GridIron XLR8 Peer #1 (XLR8PEER1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --pm 1 (file missing)







Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dana\Cookies\dana@com[2].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Jamie Warren\Application Data\Sskknwrd.dll
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@adopt.hbmediapro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@atwola[1].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@aycm5[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@azjmp[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@burstnet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@cassava[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@doubleclick[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@go[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@kmpads[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@microsofteup.112.2o7[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@paypopup[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@target[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@tucows[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@www.myaffiliateprogram[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@yadro[1].txt
Adware:Adware/Qoologic Not disinfected C:\installerwnus.exe
Spyware:Spyware/New.net Not disinfected C:\NNSCAA638.EXE
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\gimmysmileysB.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\iroe\osob.exe
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00194126.TXT
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00194127.TXT
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00194130.TXT
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE[whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196199.EXE[whiehlpr.dll]
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\NPROTECT\00196242.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\NPROTECT\00196244.exe
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196251.dll
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196252.exe
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196258.EXE
Spyware:Spyware/New.net Not disinfected C:\RECYCLER\NPROTECT\00196273.EXE
Spyware:Spyware/New.net Not disinfected C:\RECYCLER\NPROTECT\00196274.EXE
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\NPROTECT\00196308.exe
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\NPROTECT\00196309.000
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\NPROTECT\00196311.dll
Adware:Adware/Mirar Not disinfected C:\RECYCLER\NPROTECT\00196342.dll
Adware:Adware/Look2Me Not disinfected C:\RECYCLER\NPROTECT\00196354.DLL
Adware:Adware/Qoologic Not disinfected C:\RECYCLER\NPROTECT\00196413.exe
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00196425.TXT
Virus:Trj/VB.MC Not disinfected C:\RECYCLER\NPROTECT\00196627.exe
Virus:Trj/SCBop.E Not disinfected C:\RECYCLER\NPROTECT\00196628.exe
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\NPROTECT\00196629.exe
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\NPROTECT\00196630.EXE
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\NPROTECT\00196631.EXE
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\NPROTECT\00196633.EXE
Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\NPROTECT\00196882.exe
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196885.exe
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196886.dll
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\NPROTECT\00196887.inf
Virus:Trj/Downloader.AYV Not disinfected C:\Temp\KB887472-x86.exe
Adware:adware/startpage.bbc Not disinfected C:\w.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\2040.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\2040.exe[eee2.exe]
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\mm63.ocx
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\optimize.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pms111x.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SmFtaWUgV2FycmVu\mAIQuqo0pZIVwApR.vbs
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\installer.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q3.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q5.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup94.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\xuae.dll
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\xxx2.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\z1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\z3.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool1.exe
Adware:adware/cws Not disinfected C:\WINDOWS\tool2.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\win32091107649174.exe
Adware:Adware/Qoologic Not disinfected D:\my documents D\programs\misc programs\backups\backup-20060330-224203-418-vchia.exe
Adware:Adware/Mirar Not disinfected D:\my documents D\programs\misc programs\backups\backup-20060330-224204-520.dll
Adware:Adware/Qoologic Not disinfected D:\my documents D\programs\misc programs\backups\backup-20060330-230249-130-vchia.exe

Edited by spagtscully, 31 March 2006 - 09:48 PM.
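
Added example (not part of the original posts): one way to confirm that the entries marked for "Fix Checked" in post #2 are really gone from the follow-up scan in post #3 is to parse both HijackThis logs by section code and compare them. The function names are choices made for this example, and the embedded logs are short excerpts copied from the logs in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# HijackThis entry lines start with a section code such as R0, R1, O2, O4,
# O16 or O23, followed by " - ". Header lines and the "Running processes"
# list carry no section code and are skipped by this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(log_text):
    """Return the log's entries, in order, as (section, body) tuples."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def diff_scans(before_text, after_text):
    """Return (removed, added): entries only in the first or second scan."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def unresolved(fix_list_text, after_text):
    """Entries from the helper's fix list that are still in the new scan."""
    still_there = set(parse_hjt(after_text))
    return [e for e in parse_hjt(fix_list_text) if e in still_there]


# Excerpt of the first scan (post #1), shortened for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

# Excerpt of the follow-up scan (post #3), shortened for the example.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# The same three entries as they appear in the helper's fix list (post #2).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for entry in removed:
        print("removed:", entry.section, "-", entry.body)
    for entry in added:
        print("added:  ", entry.section, "-", entry.body)
    leftovers = unresolved(FIX_LIST, AFTER)
    print("fix list fully applied" if not leftovers else leftovers)
```

An entry that shows up under "added" is not necessarily hostile: here it is the ActiveX control installed by the online scan the helper asked for.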


#4 Jag11

Jag11

  • Members
  • 1,027 posts
  •  
  • Location:127.0.0.1
  • Local time:08:42 PM

Posted 01 April 2006 - 12:12 AM

Please follow the instructions provided, you may want to print out these instructions and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

===================================================

Download Ewido Anti-Malware
  • Install Ewido.
  • When installing, under Additional Options, uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido.
  • The program will now open the main screen.
  • You will need to update ewido to the latest definition files
    • On the left hand side of the main screen click update.
    • Then click on the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • After it has finished, close Ewido, we will use it later.
  • If you are having problems with the updater, you can use this link to manually update ewido » Ewido manual updates.
===================================================

Download Killbox
  • Save it to your Desktop.
  • Double-click Killbox.exe to run it.
  • Select Delete on Reboot.
  • Click on the All Files button.
  • Copy the words below by highlighting all of them and pressing Ctrl + C on your keyboard.

    C:\Documents and Settings\Jamie Warren\Application Data\Sskknwrd.dll
    C:\installerwnus.exe
    C:\NNSCAA638.EXE
    C:\Temp\KB887472-x86.exe
    C:\w.exe
    C:\WINDOWS\2040.exe
    C:\WINDOWS\country.exe
    C:\WINDOWS\mm63.ocx
    C:\WINDOWS\NDNuninstall6_38.exe
    C:\WINDOWS\NDNuninstall7_22.exe
    C:\WINDOWS\optimize.exe
    C:\WINDOWS\pms111x.exe
    C:\WINDOWS\system32\ad.html
    C:\WINDOWS\system32\installer.exe
    C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe
    C:\WINDOWS\system32\q.exe
    C:\WINDOWS\system32\q3.exe
    C:\WINDOWS\system32\q5.exe
    C:\WINDOWS\system32\Setup94.exe
    C:\WINDOWS\system32\xuae.dll
    C:\WINDOWS\system32\xxx2.exe
    C:\WINDOWS\system32\z1.exe
    C:\WINDOWS\system32\z3.exe
    C:\WINDOWS\tool1.exe
    C:\WINDOWS\tool2.exe
    C:\WINDOWS\win32091107649174.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes when prompted to restart your computer.
===================================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

===================================================

Boot into Safe Mode. Please restart your computer and, as soon as it starts to boot, tap F8 repeatedly. A menu should appear; select Safe Mode from the menu and then hit Enter on your keyboard. (This will take a while, so don't worry, just wait.)

===================================================

Uninstall Programs

Click Start » Control Panel » Add/Remove Programs, and then Uninstall these programs (if present): InetGet2
===================================================

Please find and delete these folders:

C:\Program Files\InetGet2\
C:\Program Files\iroe\
C:\WINDOWS\SmFtaWUgV2FycmVu\

===================================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

===================================================

Run Ewido
  • Open Ewido.
  • Click on scanner at the left side, then click on Complete System Scan.
    • Please don't use the computer while scanning
    • Sometimes Ewido reports legit files as malware, so you need to Remove these one-by-one. If you see a legit file being reported, just select None.
  • Once the scan has completed, click the button located on the bottom of the screen named Save report.
  • Save the report as .txt file to your Desktop.
  • Close Ewido.
===================================================

Restart your computer

===================================================

Just a review of the log(s) we need to see on your next reply:
  • HijackThis (new)
  • Ewido
Please also provide details of any problems you encountered while performing the above steps and update us on how the computer behaves now.

Edited by Jag11, 01 April 2006 - 12:13 AM.

Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.


#5 spagtscully


Posted 01 April 2006 - 08:16 PM

All the directions have been done. Here are the new logs:

Logfile of HijackThis v1.99.1
Scan saved at 6:13:22 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\my documents D\programs\misc programs\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125522066517
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141541192240
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C62878-0583-405A-B652-4768CE3B2818}: NameServer = 208.39.158.2,64.56.37.246
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --pm 1 (file missing)
O23 - Service: GridIron XLR8 Peer Manager (XLR8) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --ae --sm (file missing)
O23 - Service: GridIron XLR8 Peer #1 (XLR8PEER1) - Unknown owner - C:\Program Files\XLR8\xlr8d.exe" --pm 1 (file missing)





---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:03:33 PM, 4/1/2006
+ Report-Checksum: A59BC27D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
C:\!KillBox\2040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\!KillBox\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\!KillBox\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\!KillBox\installer.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\!KillBox\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\!KillBox\KB887472-x86.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\mm63.ocx -> Adware.MediaMotor : Cleaned with backup
C:\!KillBox\MTE2ODI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\!KillBox\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\!KillBox\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\!KillBox\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\!KillBox\optimize.exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\!KillBox\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\!KillBox\q.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\q3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\q5.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\tool1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\!KillBox\tool2.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\!KillBox\win32091107649174.exe -> Downloader.VB.tw : Cleaned with backup
C:\!KillBox\xxx2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\!KillBox\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Dana\Cookies\dana@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Dana\Cookies\dana@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@affiliates.x10[1].txt -> TrackingCookie.X10 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@hswmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jamie Warren\Cookies\jamie warren@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\RECYCLER\NPROTECT\00196133.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\RECYCLER\NPROTECT\00196150.exe -> Adware.MediaTickets : Cleaned with backup
C:\RECYCLER\NPROTECT\00196199.EXE/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196244.exe -> Adware.SurfSide : Cleaned with backup
C:\RECYCLER\NPROTECT\00196251.dll -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196252.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196258.EXE -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196259.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\RECYCLER\NPROTECT\00196261.exe -> Dropper.VB.kk : Cleaned with backup
C:\RECYCLER\NPROTECT\00196273.EXE -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\NPROTECT\00196274.EXE -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\NPROTECT\00196308.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\RECYCLER\NPROTECT\00196309.000 -> Downloader.PurityScan.cc : Cleaned with backup
C:\RECYCLER\NPROTECT\00196342.dll -> Adware.Mirar : Cleaned with backup
C:\RECYCLER\NPROTECT\00196354.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00196413.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\RECYCLER\NPROTECT\00196424.TXT -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00196425.TXT -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00196627.exe -> Trojan.VB.tg : Cleaned with backup
C:\RECYCLER\NPROTECT\00196628.exe -> Trojan.VB.tg : Cleaned with backup
C:\RECYCLER\NPROTECT\00196629.exe -> Downloader.Adload.ae : Cleaned with backup
C:\RECYCLER\NPROTECT\00196630.EXE -> Downloader.VB.zo : Cleaned with backup
C:\RECYCLER\NPROTECT\00196631.EXE -> Hijacker.VB.ly : Cleaned with backup
C:\RECYCLER\NPROTECT\00196633.EXE -> Downloader.Adload.ah : Cleaned with backup
C:\RECYCLER\NPROTECT\00196635.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\RECYCLER\NPROTECT\00196882.exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\RECYCLER\NPROTECT\00196885.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196886.dll -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00196889.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:rbewj -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\sys036491741107.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup
C:\WINDOWS\tool3.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool4.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\~GLC0000.TMP:pdftz -> Downloader.Agent.td : Cleaned with backup


::Report End

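An added example, not part of the original posts: a small Python parser for the ewido report format in the post above that sorts detections by where they were found, so the items still sitting outside `C:\!KillBox\` and `C:\RECYCLER\` stand out from the ones already moved aside. The sample lines are copied from that report; reading `/` as "file inside a container" and a `:` after the drive letter as an NTFS alternate data stream is this example's assumption, as are all function and field names.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Subset of lines copied from the ewido report above (not the full log).
SAMPLE_REPORT = r"""
+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
C:\!KillBox\2040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\!KillBox\installer.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Dana\Cookies\dana@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\NPROTECT\00196133.exe -> Dropper.PurityScan.ad : Cleaned with backup
C:\RECYCLER\NPROTECT\00196424.TXT -> TrackingCookie.Hitbox : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:rbewj -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup

::Report End
"""

# "<target> -> <detection> : <action>"; header and footer lines do not match.
LINE_RE = re.compile(r"^(?P<target>.+) -> (?P<detection>\S+) : (?P<action>.+)$")
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")
# Folders whose contents are already out of their original place:
# Killbox's backup folder and the recycle bin.
HOLDING_DIRS = ("c:\\!killbox\\", "c:\\recycler\\")


class Finding(NamedTuple):
    target: str             # file path or registry key, without stream/member suffix
    stream: Optional[str]   # alternate data stream name (assumed meaning of ':')
    member: Optional[str]   # file inside a container (assumed meaning of '/')
    detection: str          # full name, e.g. "Dropper.Agent.hl"
    family: str             # text before the first dot, e.g. "Dropper"
    action: str
    location: str           # "registry", "holding" or "live"


def parse_line(line: str) -> Optional[Finding]:
    """Parse one result line; return None for anything that is not a result."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target, detection, action = m.group("target", "detection", "action")
    stream = member = None
    if target.upper().startswith(REGISTRY_ROOTS):
        location = "registry"
    else:
        if "/" in target:                      # container/member notation
            target, member = target.split("/", 1)
        drive, rest = target[:2], target[2:]   # skip the drive-letter colon
        if ":" in rest:                        # path:streamname
            rest, _, stream = rest.partition(":")
            target = drive + rest
        location = "holding" if target.lower().startswith(HOLDING_DIRS) else "live"
    family = detection.split(".", 1)[0]
    return Finding(target, stream, member, detection, family, action, location)


def parse_report(text: str) -> list:
    """Return every Finding in a report, in the order the report lists them."""
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def triage(findings):
    """Count by location and family, and list what was found outside the
    holding folders (tracking cookies excluded, since they are not programs)."""
    by_location = Counter(f.location for f in findings)
    by_family = Counter(f.family for f in findings)
    follow_up = [f for f in findings
                 if f.location != "holding" and f.family != "TrackingCookie"]
    return by_location, by_family, follow_up


if __name__ == "__main__":
    by_location, by_family, follow_up = triage(parse_report(SAMPLE_REPORT))
    print("by location:", dict(by_location))
    print("by family:  ", dict(by_family))
    print("found outside the holding folders:")
    for f in follow_up:
        suffix = f" (stream: {f.stream})" if f.stream else ""
        print(f"  {f.detection:<24} {f.target}{suffix}")
```
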
#6 Jag11


Posted 01 April 2006 - 09:12 PM

Good. Thanks for the new logs.

===================================================

I see that you have Viewpoint. We recommend removing Viewpoint products because:

Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager" -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

It's optional, so it's up to you if you want to remove it or not. But in the case that you decided to remove Viewpoint, you can follow these steps:

1. Go to Control Panel > Add/Remove Programs and then Viewpoint and uninstall it there.
2. Open HJT and then fix this entry with it:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

3. Find and delete this folder: C:\Program Files\Viewpoint\

===================================================

You can now delete this folder:

C:\!KillBox\

===================================================

Ok, other than that, your log looks clean now!

If you have any other questions or problems, just ask them here so we can know. :thumbsup:
-------

Congratulations!

Before I leave you with the steps to keep your computer clean and prevent re-infection, please post one more time to confirm that you don't have any more problems - so we can mark this thread as SOLVED.

Have a good day!

==========================================================

1.) Re-Hide System Files and Folders:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Deselect the Show hidden files and folders option
  • Select the Hide protected operating system files option
  • Click Yes to confirm
  • Click OK
2.) Reset and Re-enable your System Restore

We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Click Start » Run » ( type: SYSDM.CPL ) » OK
  • Click the System Restore tab.
  • Check - Turn off System Restore.
  • Click Apply.
  • Uncheck - Turn off System Restore.
  • Click OK.
3.) How to Prevent Re-Infection

Please take your time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then select Tools » Windows Update, and follow the online instructions from there.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
  • Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
    Note: You must use only 1 (one) AV, because if you have 2 AVs they will conflict with each other and will only make your system slow.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#7 spagtscully


Posted 01 April 2006 - 10:50 PM

Everything looks and works great! Thank you so much for your help! I appreciate this forum beyond belief :thumbsup: !

#8 Jag11


Posted 02 April 2006 - 06:12 AM

Glad we could help spagtscully! :thumbsup:

Since this issue appears resolved... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Jet Ian



