Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Myspace Link Through Aim


  • Please log in to reply
11 replies to this topic

#1 hithereitstim

hithereitstim

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 14 June 2006 - 09:40 AM

So my sister told me that she clicked on a link to myspace from AIM and it was a nasty one or something like that, i never saw it so i don't know. The friend who sent it also sent it to her other people on the buddy list and she didnt even know she sent it. There seems to be nothing wrong with the computer but I just wanna make sure.

This is her logfile on her account:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:50 AM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136565255437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thanks for helping. :thumbsup:

BC AdBot (Login to Remove)

 


#2 hithereitstim

hithereitstim
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 15 June 2006 - 06:39 PM

Sorry for bumping this but my sister has been getting numerous pop-ups lately from Strawberry-red Info or something like that. Please help.

#3 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 25 June 2006 - 03:19 AM

Hi Tim and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem. Although I am experienced with computers, I am currently a Trainee in Malware removal and, as such, ALL of my replies will be vetted by malware experts. Please accept our apologies for the delay.

If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting a HijackThis Log

In addition, I would like you to produce a list of installed programs to assist me in any cleanup.
  • To do this open your HijackThis
    • Click on Open the Misc Tools section or Config… button, depending on how you are set up.
    • If you used the Config... option then click the Misc Tools tab
    • Select Open Uninstall Manager , a list of your installed programs will be displayed. Please do not be tempted to edit the contents!
    • Select the Save List… button and save the file to your desktop.
  • Please post a copy of this list, together with the new HJT log in your next reply
GT :thumbsup:

#4 hithereitstim

hithereitstim
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 30 June 2006 - 10:32 AM

Thanks for helping Whisperer. :thumbsup:

Here's the information you requested:

3D Groove Playback Engine
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Photoshop CS
Adobe Reader 7.0
Agere Systems PCI Soft Modem
AOL Instant Messenger
Audacity 1.2.3
avast! Antivirus
BroadJump Client Foundation
CardRd81
CCHelp
CCScore
Compaq Connections
Compaq Instant Support
Compaq Organize
CR2
DivX Player
DivX Pro Codec Adware
Elecard MPEG-2 Decoder&Streaming Pack
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
GoldWave v5.10
GSpot Codec Information Appliance
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
HP CRT Monitor INF Software 3.30
HP Image Zone 4.2
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP PSC & OfficeJet 4.2
HP Software Update
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_04
Kaspersky On-line Scanner
KBD
KC Softwares VideoInspector
Kodak EasyShare software
KSU
LiveUpdate 1.90 (Symantec Corporation)
Logitech MouseWare 9.79.1
Macromedia Flash Player 8
Macromedia Shockwave Player
MEDUSA - Subtitling Station (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Professional
Microsoft Works 7.0
Mozilla Firefox (1.5.0.4)
MSN
MSN Messenger 7.5
Nero 6 Ultra Edition
Notifier
OTtBP
OTtBPSDK
Panda ActiveScan
PCDLNCH
PC-Doctor for Windows
PopCap Browser Plugin
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime Alternative 1.68 beta
Real Alternative 1.46
RTC Client API v1.2
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
SBC Self Support Tool
SBC Yahoo! Applications
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SFR2
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Trillian
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VCAMCEN
Ventrilo Client
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Visual IP InSight(SBC)
VobSub v2.23 (Remove Only)
VPRINTOL
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XviD MPEG-4 Video Codec
Yahoo! Anti-Spy
Yahoo! Toolbar

Logfile of HijackThis v1.99.1
Scan saved at 10:31:19 AM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136565255437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#5 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 01 July 2006 - 04:09 PM

Back as soon as I can get my fix approved.

GT :thumbsup:

Edited by Whisperer, 01 July 2006 - 04:10 PM.


#6 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 02 July 2006 - 08:24 AM

Thanks Tim,

The computer appears clean of actual malware BUT has some loopholes that need to be addressed, there are also a couple of programs that use more than their fair share of your resources and some of the programs that are installed are also questionable. We will start by making your computer more secure and then carry out two scans to remove detectable malware and rubbish, finishing with a new HJT log.
  • I do not see any obvious firewall installed. If you only have the Microsoft Firewall running then be advised that this is a one-way protection in that it 'prevents' incoming malware but does not prevent anything already on your computer from 'phoning home'. If this is the case then I can not stress too much how important this is in your protection against malware. There are many paid and free versions available for your use but in the interim I would suggest that you install the following free program
  • Your Java installation is out of date as the current release is Update 7.
  • Use Add or Remove programs to remove the following files.
    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java 2 Runtime Environment, SE v1.4.2_04
    We will now do a basic clean of the computer using CCleaner and Ewido
  • Download CCleaner
    • Select the Download Latest Version link (top of green column) and save to your desktop
    • Right-click the ccsetup127.exe file on your desktop and select Open
    • Follow the on-screen instructions through to the Install Options page. I suggest you only retain the following 2 options
      • Add Desktop Shortcut
      • Automatically check for updates etc…
    • Click Install
      To setup CCleaner
    • Click on the CCleaner icon on your desktop.
    • From the menu on the left select Options
    • Now select Advanced. On the right remove the check against Only delete files in Windows Temp folders older than 48 hours.
    • Select Cookies. When CCleaner is run it will remove all of the cookies in the left window; if there are cookies that you wish to retain then select them and transfer them to the right window. Multiple selections can be made by holding down the Ctrl key before selecting.
    • Select Cleaner from the left menu and the Windows tab
      • Under Internet Explorer place ticks in all but the last box
      • Under Windows Explorer tick the last two only
      • Under System tick all boxes
      • There is no need to tick anything under Advanced
    • From the menu on the left click on Analyze
    • When the analysis is complete, click on Run Cleaner and OK at the next screen.
    • Close CCleaner
  • Now download the Ewido security suite here the suite is fully functional on a trial basis
    • When installing, under Additional Options REMOVE the checks on Install background guard and Install scan via context menu
    • Launch ewido, there should be a big e icon on your desktop, double-click it.
    • The program will prompt you to update; click the "OK" button. The program will now go to the main screen
    • On the left hand side of the main screen click Update and then click Start update
    • The update will start and a progress bar will show the updates being installed.
    • When the update has completed click on scanner
      • Click on Settings
      • Confirm that all check boxes are ticked
      • and scan every file is selected
      • Click OK
    • Exit ewido for now.

    I suggest that you print out the following instructions or highlight the remainder and save to a WordPad file on your desktop as you will no longer have an internet connection until we have finished this phase of the clean up
  • Physically disconnect your computer from the internet by unplugging the lead.
  • Reboot the computer into safe mode using a clean boot sequence
    • Select the Start button and Turn Off Computer
    • Select the Turn Off option, when the computer has shut down switch off the power supply.
    • After 10 seconds, restore the power supply and switch on the computer
      • Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
      • As soon as the BIOS loads, or a single Beep is heard then begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
      • If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
      • Using the arrow keys on the keyboard, select Safe mode and then press Enter.
    • When in Safe mode you will have your desktop with the word ‘Safe’ in the 4 corners.
  • To reduce the chance of AntiSpyware interfering with the fixes, please stop all antispyware on your computer. If you right-click on the icon in the systems tray you will find an option to ‘exit’. When you reboot, this will all return to normal.
  • I would now like you to run the Ewido program
    • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
    • Open the programme by clicking on the large e
      • Click on the scanner button
      • Select Complete system scan and let the program scan the machine
    • If Ewido finds anything, it will pop up a notification.
      NOTE: Occasionally, ewido may produce a false positive, so we need to step through the fixes one-by-one. If ewido finds something that you KNOW is legitimate, for example... somthing related to your antivirus software, your ISP, or a recognized program - in
      particular keep watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives, select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select none for the time being. I'll see that in the log you will post later and will let you know if ewido needs to be run again.
    • Click on the Save Report button at the bottom of the screen and save the file to the desktop.
    • Repeat the scan until there is no detected malware
    • When you have the clean result from Ewido Exit Ewido
  • That will do for starters so please post the following information
    • The Ewido report
    • A new HijackThis log
GT :thumbsup:

#7 hithereitstim

hithereitstim
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 02 July 2006 - 11:25 AM

Thanks again helping Whisperer.

I'll download the firewall on my account.

Here are the logs you requested:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:17:57 AM 7/2/2006

+ Scan result:



:mozilla.100:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.244:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.245:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.246:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.247:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.237:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.238:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.21:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.20:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.131:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fx2q0yux.Tim\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.60:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Tracey\Cookies\tracey@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.140:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.141:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.142:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.143:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.144:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.187:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.114:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.191:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.209:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.210:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.211:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.212:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.216:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.217:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.219:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Tracey\Application Data\Mozilla\Firefox\Profiles\qs6c48tb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:24:33 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136565255437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#8 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 03 July 2006 - 12:12 PM

Ewido has done its job - working on the logs now
GT :thumbsup:

#9 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 07 July 2006 - 04:03 PM

Hi Tim,

I can not see a Firewall in the log, did it get overlooked?
  • I would like you to start by ensuring that any hidden and system files are visible.
  • Select the Start button and from the available options
  • Right-click the My Computer option.
  • Select Explore from the drop-down menu
  • Select the Tools menu and click Folder Options. from the new window
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders by clicking in the check-box to its left
  • Remove the check against Hide protected operating system files (recommended) option, again by clicking the check-box to its left.
  • Click Yes to confirm.
  • Click OK.
  • Windows does not search for hidden or system files by default so
  • Click the Start button and select Search choosing For Files or Folders
  • From the dialogue box select All files and folders and at the bottom select More Advanced Options
  • Place selection ticks in the check-boxes for
  • Search system folders
  • Search hidden files and folders
  • Search subfolders
[*]Now I would like you to do a search for a file so scroll to the top and enter ccHelp.hta in the top search box. It may not find the file but if it does make a note of the files path.
[*]Close the search dialogue box
[/list][*]Next I would like you to remove some of the programs that have been installed on the computer. I stress that these are recommended fixes and as such are entirely optional.
  • Click Start, select Control Panel and then Add or Remove Programs
  • Locate each of the following programs, click on them and select Remove . Do not worry if any of them are missing. This next one contains Adware, were you aware of this, if you are happy then ignore it
  • DivX Pro Codec Adware

    These two are old Java installations and as such are vulnerable to attack
  • Java 2 Runtime Environment, SE v1.4.2_03
  • Java 2 Runtime Environment, SE v1.4.2_04

    This one depends upon the results of the search, if you found ccHelp.hta then remove this one as well
  • ccHelp
[*]With all other windows closed, start your HijackThis and click on Scan
  • Click in the check-box to the left of each of the following entries, if found
    • The Kodak updater software is often used by hackers so it is recommended that you update manually rather than using this facility
    • O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

      These three are resource hogs and optional removals
    • O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP
    • O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    • O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

      Finally these links are Adware/Popup related
    • O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    • O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} -
  • Select Fix Checked
[*]There is one program that I can not find any information on and that is ccScore, if you know anything about it please advise me. It just could be related to ccHelp
[*]Please post
  • A fresh HijackThis log
  • Comment on how the computer is now behaving
  • Information about ccHelp.hta and anything that you know about ccScore
[/list]GT :thumbsup:

#10 hithereitstim

hithereitstim
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 08 July 2006 - 10:24 AM

Well this is my sister's account and I'm hesitant to install anything on hers so I was going to wait until we were done cleaning to install a firewall. The only running firewall I current have is the Windows one.

Hmmm I haven't had any problems with the DivX Codec and I think I need it to view some of my videos.

I removed the Java apps the last time you told me to do so and they aren't in the Remove list anymore.

I didn't find ccHelp.hta in the Search and I have no idea what that or ccScore are.

Actually, my computer has been behaving really well for the last month. I guess that link that my sister clicked on had nothing bad related. It's still good to get a check up though. :thumbsup:

Here's the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:23:11 AM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136565255437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#11 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 09 July 2006 - 07:45 AM

Hi Tim,

Clean Log

The computer is clean so go get that Firewall installed! Switch the Microsoft Firewall off once you have another installed. Now it is just a tidy up that is required.
  • Run CCleaner again to remove any loose ends
  • Next we make sure that any files in a System Restore point can not reinfect your computer by removing all old system restore points.
    • Select the Start button and from the available options
    • Right-click the My Computer option and select Properties.
    • Click on the System Restore tab.
    • Check the box against Turn off System Restore on all drives. Click OK
    • Click Yes to confirm, then restart the computer
    • After the restart, re-enable System Restore by following steps a-c, but in step c, click to clear the Turn off System Restore on all drives. check box.
  • Restore your Hidden & System files to their normal state by
    • Select the Start button and from the available options
    • Right-click the My Computer option.
    • Select Explore from the drop-down menu
    • Select the Tools menu and click Folder Options. from the new window
    • Select the View Tab.
    • Under the Hidden files and folders heading remove the tick from Show hidden files and folders by clicking in the check-box to its left
    • Replace the check against Hide protected operating system files (recommended) option, again by clicking the check-box to its left.
    • Click Yes to confirm.
    • Click OK.
  • Finally, HijackThis makes backups of all corrections made in a sub-folder of your HJT folder called Backups. Please navigate to this Backups folder and delete the contents
Preventative measures
  • Please retain the Ewido program and run it at regular intervals after updating it. When the trial period is up it will still retain most of its functionality
  • In addition I would suggest that you install the following 3 free programs, keep these updated as they are background tools
    • SpywareBlaster - Excellent prevention tool to keep Malware from installing on your system.
    • SpywareGuard provides a shield against infection
    • IE-SpyAd puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available here
  • Windows Updates – It is very important to ensure that Internet Explorer and Windows are kept up to date with the latest critical security patches from Microsoft. Click on the Start button and select Windows Update, follow the online instructions from there.
  • On a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.
  • To find out more information about how you got infected in the first place and some excellent guide lines to follow to prevent future infections you should read this by Lawrence Abrams
Best wishes and safe surfing
GT :thumbsup:

#12 hithereitstim

hithereitstim
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 11 July 2006 - 09:29 AM

All done!

Thanks so much Whisperer. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users