Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Love Some Help Here!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Kevin Doyle

Kevin Doyle

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 23 February 2007 - 07:37 AM

Hi guys,

Basically my machine has been getting slower by the day for the last few weeks. I have carried out plenty of spyware and Av scans and having a running firewall but its not helping. The spyware scans always find a good few items and thats after only a few days after the last scan. It at least picks up 50 items/files at a time. I have done a Hi-jack this log to see if their is anytihng noticable in there.....

Logfile of HijackThis v1.99.1
Scan saved at 12:32:03, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE
C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tony\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sitecom WL-117 WLan_Utility] "C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE"
O4 - HKLM\..\Run: [AutoEJCD_0ACE2031] C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE /VID=0ACE /PID=2031
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Eek! Adder Crack - file://C:\\WINDOWS\\ekacrav.htm
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148922130257
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148935706781
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

BC AdBot (Login to Remove)

 


m

#2 Kevin Doyle

Kevin Doyle
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 25 February 2007 - 05:06 AM

Still waiting for help. Is there any reason why no one's answered? had the same trouble a few weeks back.

#3 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:13 PM

Posted 25 February 2007 - 02:32 PM

Hello Kevindoyle and welcome to BC.

Please go to Start>Control Panel>Add/Remove Programs and remove Need2Find , if present.

I see that you're using LimeWire. Lime wire is a p2p file sharing program. I think the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware. I recommend that you remove it.

IMVU has been known to cause problems and, unless it is something you really want to keep, should also be removed.

You might like to print these instructions so that you'll have access to them while you are in Safe Mode later.

=====================================

Please download Posted ImageAVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

=======================================

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

=======================================

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe<==== if you removed it.
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Eek! Adder Crack - file://C:\\WINDOWS\\ekacrav.htm[/color]<==== could you enlighten me about this entry please? Anything with the word "crack" in it really concerns me.
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)<===== if you removed it
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

I cannot get much info about the following entry: Is this something you know and knowingly installed? If not, you can check this too.

O4 - HKLM\..\Run: [AutoEJCD_0ACE2031] C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2031\AutoEJCD.EXE /VID=0ACE /PID=2031

Close all windows/applications/email, etc., including this one and click on "fix checked". Exit HijackThis.

========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

========================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user

========================================

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================================

Perform an online scan using Internet Explorer with [color="red"]Panda ActiveScan
  • Click on Posted Image located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place
Begin the scan by selecting Posted Image
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on Posted Image then click Posted Image and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


==================================

Please post back the results from AVG Anti Spyware and Panda scans along with a fresh HijackThis log taken after restart.

#4 Kevin Doyle

Kevin Doyle
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:13 PM

Posted 26 February 2007 - 04:35 PM

Thanks for your help acppreciate it. That Eek Crack was some a bittorent crack for a little bot programme, I intsalled it but dont use it anymore. I followed every step and removed all the recomended programmes aswell, thank youa nd here is the results from the scans.


--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:35:11 26/02/2007

+ Scan result:



C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP294\A0061858.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP294\A0061872.dll -> Adware.IESearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\P2P Networking v126.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Randomhag\Source Metamod\sourcemm\installer\upx.exe -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\MSN messanger\IceCold ReLoaded.exe -> Not-A-Virus.HackTool.Win32.Homac : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\MSN messanger\icecold_reloaded.zip/IceCold ReLoaded.exe -> Not-A-Virus.HackTool.Win32.Homac : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Brutus\BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Brutus\brutus-aet2.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Hotmail Hack\BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Hotmail Hack\brutus-aet2.zip/BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Hotmail Hack\f5b24db0f1a832385caa7809a912cef1.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Cleaned with backup (quarantined).
C:\Documents and Settings\Tony\Desktop\Hotmail Hack\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.104 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\ey6ewqdc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@int.adocean[1].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.6:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\ey6ewqdc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.7:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\ey6ewqdc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.23:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.26:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ehg-independent.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ehg-mgnlimited.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.18:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@need2find[1].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@need2find[1].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Steph\Cookies\steph@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.8:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.9:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\tvkn6vmx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:30:08, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tony\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sitecom WL-117 WLan_Utility] "C:\Program Files\Sitecom Europe BV\Sitecom WL-117 Utility\SitecomUSB.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148922130257
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148935706781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


Active Scan


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/instafinder Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dad\Cookies\dad@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dad\Cookies\dad@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Dad\Cookies\dad@adopt.hbmediapro[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Dad\Cookies\dad@anm.co[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Dad\Cookies\dad@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dad\Cookies\dad@cgi-bin[3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dad\Cookies\dad@drivecleaner[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Dad\Cookies\dad@gostats[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dad\Cookies\dad@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Dad\Cookies\dad@i.screensavers[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dad\Cookies\dad@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Dad\Cookies\dad@www.drivecleaner[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dad\Cookies\dad@xiti[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Dad\Local Settings\Temp\Cookies\dad@anm.co[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\z62rsqn2.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Steph\Cookies\steph@adopt.hbmediapro[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Steph\Cookies\steph@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Steph\Cookies\steph@cgi-bin[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Steph\Cookies\steph@desktop.kazaa[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Steph\Cookies\steph@drivecleaner[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Steph\Cookies\steph@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Steph\Cookies\steph@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Steph\Cookies\steph@i.screensavers[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Steph\Cookies\steph@offeroptimizer[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Steph\Cookies\steph@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Steph\Cookies\steph@www.drivecleaner[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Steph\Cookies\steph@xiti[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tony\Cookies\tony@doubleclick[1].txt
Hacktool:HackTool/Unsecure.A Not disinfected C:\Documents and Settings\Tony\Desktop\Hotmail Hack\Uns12.exe
Hacktool:HackTool/Unsecure.A Not disinfected C:\Documents and Settings\Tony\Desktop\Hotmail Hack\Unsecurev1.2.zip[Uns12.exe]
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:13 PM

Posted 27 February 2007 - 05:21 PM

Hi,

We are almost done.

Go to My Computer> Tools> Folder Options> View>"Uncheck" Hide protected operating system files. Click Apply>OK.

=============================

Reboot your computer into Safe mode as before

=============================

and using Windows Explorer (right click on Start, click on Explore) delete the following files and folders:

c:\windows\smdat32m.sys
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll

c:\program files\Need2Find
C:\Documents and Settings\Tony\Desktop\Hotmail Hack

==============================

Run Ccleaner again this time in Normal Mode and for every user on the Computer, i.e. Tony, Dad, Steph. You can use the "Applications" tab to clean the cookies in FireFox/Mozilla

==============================

Copy/paste the following text inside the quote box into a new notepad document. It must be Notepad, not wordpad. Make sure the "wordwrap" is unchecked in Format menu.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM]


Save it to your desktop as fixme.reg Save it as File Type All Files. Double click fixme.reg and answer yes when asked to merge it into the registry.

Note: Make sure that there is no space before REGEDIT4, and there is a single space after the last line.

================================

Scan with Panda again.

===============================

Post back the Panda online scan results and a fresh HijackThis log. Also let me know how the computer is running now.

#6 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:13 PM

Posted 04 March 2007 - 08:16 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users