
HJT Log jim


  • This topic is locked
12 replies to this topic

#1 Mitch1

Mitch1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 02 January 2005 - 09:52 AM

I had the same problem as Timothy and followed your instructions, things are running much smoother, but would you look at my log file and let me know what you think. Thanks, Jim


Logfile of HijackThis v1.99.0
Scan saved at 8:45:45 AM, on 01/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\DOCUME~1\JIMMIT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe



#2 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:01:15 PM

Posted 02 January 2005 - 10:41 AM

Hi jim@capbuilding.com,

There are a few things that need tidying up in your log but before we do that I would like you to move HijackThis from its current temp folder.
  • You are running HijackThis from a temporary folder. When run from a temporary folder, the backups HijackThis
    makes may accidentally get deleted, so please put HijackThis into a permanent folder.
    Full instructions on how to do this can be found here: Detailed Explanation
    Brief instructions to create a permanent folder are:
    • Click My Computer, then C:\
    • In the menu bar, File->New->Folder.
    • That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
    • Now you have C:\HJT\ folder.
    • Put your HijackThis.exe there.
  • Run HijackThis and post a new log here for review using the Add Reply button.


#3 Mitch1

Mitch1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 05 January 2005 - 03:01 PM

Revised Log file

Logfile of HijackThis v1.99.0
Scan saved at 1:57:56 PM, on 01/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\ACT\act.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

#4 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:01:15 PM

Posted 06 January 2005 - 08:40 AM

Hello jim@capbuilding.com,

I'm not familiar with Timothy's problems or how you fixed it on your machine. If you can let me know when you reply this will help me better understand what we are trying to do. You have an IP address in the O17 entry for SBC Internet Services - Southwest and I'm assuming that this is your ISP, please let me know if it isn't. It may be easier if you print these instructions as you won't have access to the Internet in Safe mode. Please carry out the following:
  • Download System Security Suite here:
    System Security Suite Download & Tutorial. Unzip it to your desktop.
    Install the program. Don't use it yet.

  • Reboot your computer into Safe Mode.

  • Run HijackThis
    Click on the Scan button and when complete
    Put a check beside all of the items listed below
    Optional Remove
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Resource hog that launches common MS Office components to help speed up the launch of Office programs. There are doubts that there is any difference with it loaded.
    Close all open Explorer windows and browsers
    Click on the "Fix Checked" button
    When complete and all files removed, close the application.

  • Close all windows and browsers that are open.
    Clean out Temporary Folders and Temporary Internet Files as follows:
    • Open System Security Suite I had you download earlier.
    • In the Items to Clear tab check:
      - Internet Explorer (left pane): Cookies & Temporary files
      - My Computer (right pane): Temporary files & Recycle Bin
    Click the Clear Selected Items button.
    Close the program.

  • Reboot your machine in normal mode.

  • Please download and run Ad-Aware and SpybotS&D to remove any lingering malware infections on your machine.

    Download Spybot and Ad-Aware from the following locations and install them. You should run both programs and clean up what they find. This is to guarantee that you find the most malware you can installed on your computer.
    Download both programs from the following locations:
    Spybot Search and Destroy
    Ad-aware Personal SE
    Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them.

    If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

    Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.
    When you scan with both programs, fix everything that they find.
  • Reboot your machine, run HijackThis and post a new log here using the Add Reply button. Please include details of your previous infection and your fix for it.
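
The manual checks from the replies above (HijackThis running from a temporary folder, the O17 NameServer addresses to confirm with the ISP), done programmatically over a HijackThis log, as an added Python example that is not part of the original thread. It goes a little further by also listing "(file missing)" entries and diffing two logs to confirm a "Fix Checked" pass took effect; the function names are hypothetical and the sample lines are excerpted from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the logs posted in this thread (not a full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 8:45:45 AM, on 01/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\JIMMIT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)   # a \Temp\ or \Tmp\ path component
NS_RE = re.compile(r"NameServer = (.+)$")


def parse_log(text):
    """Split a log into the running-process list and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return {"processes": processes, "entries": dict(entries)}


def nameservers(parsed):
    """Unique DNS servers from O17 entries, in first-seen order."""
    ips = []
    for item in parsed["entries"].get("O17", []):
        m = NS_RE.search(item)
        if m:
            for ip in re.split(r"[ ,]+", m.group(1).strip()):
                if ip not in ips:
                    ips.append(ip)
    return ips


def triage(parsed):
    """Return (category, detail) pairs for a helper to review; nothing is judged malicious here."""
    findings = []
    for path in parsed["processes"]:
        name = path.rsplit("\\", 1)[-1].lower()
        if name == "hijackthis.exe" and TEMP_RE.search(path):
            findings.append(("run-from-temp", path))      # backups may get deleted
    for code, items in parsed["entries"].items():
        for item in items:
            if "(file missing)" in item:
                findings.append(("file-missing", f"{code} - {item}"))
    for ip in nameservers(parsed):
        findings.append(("nameserver", ip))               # confirm these belong to the ISP
    return findings


def removed_entries(before, after):
    """Entries present in the earlier log but gone from the later one."""
    def flatten(parsed):
        return {f"{c} - {i}" for c, items in parsed["entries"].items() for i in items}
    return sorted(flatten(before) - flatten(after))


if __name__ == "__main__":
    for category, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{category:14} {detail}")
```
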

#5 Mitch1

Mitch1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 06 January 2005 - 05:12 PM

Here are my log files with one attached and another attached to a different post. I also added my AVG log as it shows that I have a virus and I wanted your suggestions on how to remove it.



ADAWARE
ArchiveData(auto-quarantine- 2005-01-06 15-30-57.bckp)
Referencefile : SE1R24 29.12.2004
======================================================

TRACKING COOKIE

obj[0]=IECache Entry : C:\Documents and Settings\Beth\Cookies\beth@ads.pointroll[2].txt
obj[1]=IECache Entry : C:\Documents and Settings\Beth\Cookies\beth@atdmt[2].txt
obj[2]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@2o7[2].txt
obj[3]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@advertising[1].txt
obj[4]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@atdmt[2].txt
obj[5]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@cgi-bin[1].txt
obj[6]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@counter12.sextracker[1].txt
obj[7]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@counter14.sextracker[1].txt
obj[8]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@counter7.sextracker[1].txt
obj[9]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@cs.sexcounter[2].txt
obj[10]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@paycounter[1].txt
obj[11]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@servedby.advertising[2].txt
obj[12]=IECache Entry : C:\Documents and Settings\Jacy\Cookies\jacy@sextracker[2].txt
obj[13]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@ads.addynamix[1].txt
obj[14]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@atdmt[2].txt
obj[15]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@centrport[1].txt
obj[16]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@doubleclick[1].txt
obj[17]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@fastclick[2].txt
obj[18]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@realmedia[2].txt
obj[19]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@servedby.advertising[2].txt
obj[20]=IECache Entry : C:\Documents and Settings\Jordan\Cookies\jordan@tribalfusion[1].txt
obj[21]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@ads.pointroll[2].txt
obj[22]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@advertising[1].txt
obj[23]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@atdmt[2].txt
obj[24]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@realmedia[1].txt
obj[25]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@servedby.advertising[2].txt
obj[26]=IECache Entry : C:\Documents and Settings\Jordan\Local Settings\Temp\Cookies\jordan@tribalfusion[1].txt
obj[27]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@advertising[1].txt
obj[28]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@atdmt[2].txt
obj[29]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@bluestreak[2].txt
obj[30]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@centrport[1].txt
obj[31]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@doubleclick[1].txt
obj[32]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@realmedia[1].txt
obj[33]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@servedby.advertising[2].txt
obj[34]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@tribalfusion[1].txt
obj[35]=IECache Entry : C:\Documents and Settings\Lauren\Cookies\lauren@z1.adserver[1].txt





Logfile of HijackThis v1.99.0
Scan saved at 4:11:50 PM, on 01/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ACT\act.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

Attached Files



#6 Mitch1

Mitch1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 06 January 2005 - 05:14 PM

AVG file attached

Attached Files



#7 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:01:15 PM

Posted 07 January 2005 - 10:14 AM

Hello jim@capbuilding.com,

Thanks for getting back to me with the logs. It appears that you are running multiple users on this machine so to remove the temporary files that are showing in your AVG log you need to log on to the Jacy account and run the System Security Suite as per the instructions I gave you in an earlier post. That should clear the Java/ByteVerify files from that temporary location. Once you have run that use Windows Explorer and navigate to the Temporary folder that is listed in the AVG report and make sure it is clear.

Then open AVG by clicking on the Desktop Icon and click on the Virus Vault button. Using the Action link on the top menu bar you should be able to empty the vault.

Reboot your machine and log back onto the Jacy account and do a full scan to check if it has gone.


With respect to the DSO Exploit showing on the Spybot report please read the following Self Help Guide and make sure you have the latest updates, then you will be protected.


It would still be helpful if you could let me know what the original infection was and how you fixed it.


Run HijackThis and post a new log here, letting me know if you have cleared the Java/ByteVerify files and information about the original infection.

#8 Mitch1

Mitch1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 10 January 2005 - 11:04 AM

Hi Penmore,
I apologize that I am not sure how to use the quote function.

Quote Penmore:
I'm not familiar with Timothy's problems or how you fixed it on your machine. If you can let me know when you reply this will help me better understand what we are trying to do.

The problem that Timothy posted, which was the same problem I had originally posted about:
I keep getting in the Win task manager WinServSuit and WinserveAd running..
they keep trying to load until I am depleted of memory.

The instructions for that were:
Please uninstall from Add\Remove Programs:
TSA
Windows ServeAd

Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer


Download System Security Suite here:
System Security Suite Download & Tutorial. Unzip it to your desktop.
Install the program. Don't use it yet.

Download, install and UPDATE SpyBot Search & Destroy.
Using Spybot - Search & Destroy to remove Spyware from Your Computer


Download, install and update Spyware Blaster.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.

Run SpyBot Search & Destroy and remove anything it finds.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

! This is very important !: Update your Windows. Doing this will make your computer more secure. Please visit Windows Update (follow this link: http://www.windowsupdate.com) to update Windows. Follow the instructions on the screen. You may have to visit Windows Update more than once to install all updates.
Not updating Windows will leave your computer vulnerable to malware and attacks.


Update Sun Java: latest version = J2SE v 1.4.2_06 JRE - http://java.sun.com/j2se/1.4.2/download.html

After the installation of the last update make sure you REBOOT the computer, run HijackThis again and post a new log please.

This post has been edited by cryo on Dec 23 2004, 05:49 AM




This was wonderful; it not only fixed the problem but my computer ran so much faster. With Ad-Aware I found hundreds of bugs.


Logfile of HijackThis v1.99.0
Scan saved at 9:37:50 AM, on 01/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ACT\act.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ACT\ActEmail.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE




Here is the AVG history:

11/11/2004 131002 0
11/12/2004 131077 0
11/14/2004 131978 0
11/15/2004 46309 0
11/16/2004 134217 0
11/17/2004 134522 0
11/18/2004 134515 0
11/19/2004 134591 0
11/21/2004 135097 1 I-worm/bofra
11/22/2004 134446 1 I-worm/bofra
11/23/2004 134195 1 I-worm/bofra
11/24/2004 134571 2 I-worm/bofra
11/25/2004 134769 1 I-worm/bofra
11/26/2004 26750 0
11/27/2004 135903 1 I-worm/bofra
11/28/2004 136207 1 I-worm/bofra
11/30/2004 136735 1 I-worm/bofra
12/01/2004 136900 1 I-worm/bofra
12/03/2004 137161 1 I-worm/bofra
12/05/2004 137995 1 I-worm/bofra
12/06/2004 137875 1 I-worm/bofra
12/06/2004 138129 0
12/07/2004 138344 0
12/07/2004 138357 0
12/08/2004 138675 0
12/09/2004 139037 0
12/10/2004 139314 1 I-worm/bofra
12/11/2004 139949 0
12/12/2004 141084 0
12/13/2004 142755 0
12/14/2004 142961 0
12/15/2004 143734 0
12/16/2004 144150 0
12/17/2004 144472 0
12/18/2004 145102 0
12/19/2004 145904 0
12/20/2004 146518 0
12/22/2004 143638 0
12/24/2004 147133 0
12/26/2004 50816 0
12/26/2004 148188 0
12/27/2004 148846 0
12/28/2004 132041 0
12/29/2004 9506 3 java/byte verify
12/30/2004 144856 3 java/byte verify
01/01/2005 236 0
01/02/2005 129658 3 java/byte verify
01/03/2005 130239 3 java/byte verify
01/04/2005 130786 3 java/byte verify
01/05/2005 130792 3 java/byte verify
01/06/2005 131645 3 java/byte verify
01/07/2005 131332 3 java/byte verify
01/08/2005 131683 3 java/byte verify
01/08/2005 126299 0
01/09/2005 126716 0
01/10/2005 126913 0




I was wondering how AVG can let viruses on a computer and then detect them later?

Quote from Penmore:
You have an IP address in the O17 entry for SBC Internet Services - Southwest and I'm assuming that this is your ISP

This is not my ISP, I have dialup but will switch to Roadrunner in a few months

Do you have any suggestions on how I can make all these hijack detectors automatic, and should I be using a router for dialup.

#9 Mitch1


Posted 10 January 2005 - 11:09 AM

Hi Penmore


Quote from Penmore
I'm not familiar with Timothy's problems or how you fixed it on your machine. If you can let me know when you reply this will help me better understand what we are trying to do.

The problem that Timothy posted, which was the same problem I had originally posted about:
I keep getting in the Win task manager WinServSuit and WinserveAd running..
they keep trying to load until I am depleted of memory.

The instructions for that were, in short:
Please uninstall from Add\Remove Programs:
TSA
Windows ServeAd

Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer


Download System Security Suite here:
System Security Suite Download & Tutorial. Unzip it to your desktop.
Install the program. Don't use it yet.

Download, install and UPDATE SpyBot Search & Destroy.
Using Spybot - Search & Destroy to remove Spyware from Your Computer


Download, install and update Spyware Blaster.
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.

Run SpyBot Search & Destroy and remove anything it finds.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

! This is very important !: Update your Windows. Doing this will make your computer more secure. Please visit Windows Update (follow this link: http://www.windowsupdate.com) to update Windows. Follow the instructions on the screen. You may have to visit Windows Update more than once to install all updates.
Not updating Windows will leave your computer vulnerable to malware and attacks.


Update Sun Java: latest version = J2SE v 1.4.2_06 JRE - http://java.sun.com/j2se/1.4.2/download.html

After the installation of the last update make sure you REBOOT the computer, run HijackThis again and post a new log please.

This post has been edited by cryo on Dec 23 2004, 05:49 AM




This was wonderful; it not only fixed the problem but my computer ran so much faster. With adaware I found hundreds of bugs.


Logfile of HijackThis v1.99.0
Scan saved at 9:37:50 AM, on 01/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ACT\act.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ACT\ActEmail.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE




Here is the AVG history:

11/11/2004 131002 0
11/12/2004 131077 0
11/14/2004 131978 0
11/15/2004 46309 0
11/16/2004 134217 0
11/17/2004 134522 0
11/18/2004 134515 0
11/19/2004 134591 0
11/21/2004 135097 1 I-worm/bofra
11/22/2004 134446 1 I-worm/bofra
11/23/2004 134195 1 I-worm/bofra
11/24/2004 134571 2 I-worm/bofra
11/25/2004 134769 1 I-worm/bofra
11/26/2004 26750 0
11/27/2004 135903 1 I-worm/bofra
11/28/2004 136207 1 I-worm/bofra
11/30/2004 136735 1 I-worm/bofra
12/01/2004 136900 1 I-worm/bofra
12/03/2004 137161 1 I-worm/bofra
12/05/2004 137995 1 I-worm/bofra
12/06/2004 137875 1 I-worm/bofra
12/06/2004 138129 0
12/07/2004 138344 0
12/07/2004 138357 0
12/08/2004 138675 0
12/09/2004 139037 0
12/10/2004 139314 1 I-worm/bofra
12/11/2004 139949 0
12/12/2004 141084 0
12/13/2004 142755 0
12/14/2004 142961 0
12/15/2004 143734 0
12/16/2004 144150 0
12/17/2004 144472 0
12/18/2004 145102 0
12/19/2004 145904 0
12/20/2004 146518 0
12/22/2004 143638 0
12/24/2004 147133 0
12/26/2004 50816 0
12/26/2004 148188 0
12/27/2004 148846 0
12/28/2004 132041 0
12/29/2004 9506 3 java/byte verify
12/30/2004 144856 3 java/byte verify
01/01/2005 236 0
01/02/2005 129658 3 java/byte verify
01/03/2005 130239 3 java/byte verify
01/04/2005 130786 3 java/byte verify
01/05/2005 130792 3 java/byte verify
01/06/2005 131645 3 java/byte verify
01/07/2005 131332 3 java/byte verify
01/08/2005 131683 3 java/byte verify
01/08/2005 126299 0
01/09/2005 126716 0
01/10/2005 126913 0




I was wondering how AVG can let viruses on a computer in the first place and then detect them later?

Quote from Penmore:
You have an IP address in the O17 entry for SBC Internet Services - Southwest and I'm assuming that this is your ISP

This is not my ISP, I have dialup but will switch to Roadrunner in a few months

Do you have any suggestions on how I can make all these hijack detectors automatic, and should I be using a router for dialup.

#10 penmore


Posted 11 January 2005 - 05:16 AM

Hi Jim,

Thanks for getting back to me with that information. I've provided a brief response to your questions, some of them will be answered with the list of protection measures that I will give you later.
  • Java/Byte Verify - This should explain and cure things: http://java.com/en/download/help/cache_virus.jsp

  • The AVG issue is most likely because of the time-lag between the virus release and the updating of the AVG database. We do find that there are differences between virus checking/removal software and that is why we normally run three online virus scans.

  • The O17 ISP entry - I am informed that it is common in your country for some ISP companies to actually use other ISPs to actually provide the service. This entry does look legit so I'm suggesting that we leave it for the time being.

  • Automatic protection comes from firewalls and Antivirus software. Please see this tutorial and look at the section that deals with TeaTimer: http://www.bleepingcomputer.com/forums/ind...showtutorial=43

  • You can experiment with things like the Quote tabs in this forum http://www.bleepingcomputer.com/forums/f/35/tests-and-scribbles/

  • Your log mscoree.dll (file missing) entries. It seems to be associated with a program on your computer called Onfolio. As long as that program continues to work as it should then I wouldn't worry too much about it. But just in case, here's a place where you can download a copy of that file should you need to. http://www.dll-files.com/dllindex/dll-files.shtml?mscoree

  • Run HijackThis
    Click on the Scan button and when complete
    Put a check beside all of the items listed below
    Close all open Explorer windows and browsers
    Click on the "Fix Checked" button
    When complete and all files removed, close the application

  • Run HijackThis and post a new log here. Also let me know how your machine is now.


#11 penmore


Posted 11 January 2005 - 02:30 PM

Hi Jim,

I've been doing some more research on those mscoree.dll missing file entries. What I am reading says that they can be related to a number of programs and it would appear that perhaps your entries relate to http://www.act.com/docs/pop/sysreq.htm. If this is the case then you perhaps have uninstalled that software. For completeness could you add the two lines listed below to the removal instructions in the HijackThis run. Then if you wish to re-install the software, the entries will be recreated and the log will be correct.

O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)

Peter

#12 Mitch1


Posted 12 January 2005 - 06:58 AM

My computer is running better all the time.
I can't seem to find the Spybot tea timer; does it have to be downloaded separately?



Logfile of HijackThis v1.99.0
Scan saved at 5:49:45 AM, on 01/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Backup\OnlineBackup.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\ACT\act.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\ACT\DrvWd6.wpi
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.jlconline.com/forums/forumdisplay.php?f=3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://secure10.backup.com/downloads/WRX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104634192596
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: NameServer = 69.154.14.10 69.154.14.23
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

#13 penmore


Posted 13 January 2005 - 02:30 PM

Hi Jim,

Your log is clean, well done!! To answer your question about TeaTimer, please have a look at Installing Spybot - Search & Destroy in the tutorial I linked you to earlier. In the screen shot you'll see the Tea Timer box highlighted in red and information on what it does further down.

I know you have some of the prevention/removal software already installed however, I have itemized below my full list of prevention and removal measures that will best ensure that your machine stays clean.

Please take the time to review the list and implement any of the software or settings that you don't have already.
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Re-enable system restore with instructions from tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
    For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update Site regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Edited by penmore, 13 January 2005 - 02:31 PM.
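
Comparing the 10 January and 12 January HijackThis logs posted in this thread shows exactly which entries the fix removed and whether anything new appeared. The Python sketch below is an added example, not part of the original thread; the two logs are abridged from the ones posted above, and the function names are this example's own.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(log_text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group("code"), match.group("body")))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans, in log order."""
    old, new = parse_hjt(before)[1], parse_hjt(after)[1]
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def still_present(requested_fixes, after):
    """Lines the helper asked to fix that the follow-up scan still reports."""
    present = {f"{code} - {body}" for code, body in parse_hjt(after)[1]}
    return [line for line in requested_fixes if line.strip() in present]


def missing_file_entries(log_text):
    """Entries that HijackThis tagged with '(file missing)'."""
    return [e for e in parse_hjt(log_text)[1] if "(file missing)" in e[1]]


# The two lines penmore asked to have fixed in post #11, copied from the thread.
REQUESTED_FIXES = [
    r"O9 - Extra button: Attach Web page to ACT! contact - "
    r"{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)",
    r"O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - "
    r"{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)",
]

# Entries present in both scans (abridged from the thread's logs).
UNCHANGED = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - "
    r"C:\PROGRA~1\AIM\aim.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{297E29DF-098B-4142-9787-6E0FADECFB1C}: "
    r"NameServer = 69.154.14.10 69.154.14.23",
]
HEADER = ["Logfile of HijackThis v1.99.0", "", "Running processes:",
          r"C:\WINDOWS\Explorer.EXE", r"C:\HJT\HijackThis.exe", ""]

LOG_10_JAN = "\n".join(HEADER + [
    UNCHANGED[0],
    r"O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] "
    r"C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe",
    *REQUESTED_FIXES,
    UNCHANGED[1],
    r"O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - "
    r"C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)",
    UNCHANGED[2],
])
LOG_12_JAN = "\n".join(HEADER + UNCHANGED)

if __name__ == "__main__":
    removed, added = diff_logs(LOG_10_JAN, LOG_12_JAN)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added (review before calling the log clean):", code, "-", body)
    print("requested fixes still present:", still_present(REQUESTED_FIXES, LOG_12_JAN))
    print("'(file missing)' entries left:", missing_file_entries(LOG_12_JAN))
```

An empty "added" list matters as much as the removals: a new R, O2, O4 or O23 line between scans is the first thing to review before a log is called clean.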




