Freeprod [RESOLVED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Freeprod [RESOLVED], ewido scan log and HiJackThis log inside

Options

jzt03 View Member Profile	Sep 29 2005, 08:58 PM Post #1
New Member Posts: 9 OS: Windows XP	--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 10:56:39 PM, 9/29/2005 + Report-Checksum: 636BEF4 + Scan result: HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning :mozilla.13:C:\Documents and Settings\Jordan Tetro\Application Data\Mozilla\Firefox\Profiles\slzgev8b.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup C:\Documents and Settings\Jordan Tetro\Cookies\jordan tetro@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jordan Tetro\Cookies\jordan tetro@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Jordan Tetro\Cookies\jordan tetro@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Jordan Tetro\Cookies\jordan tetro@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Program Files\ProSiteFinder\ProSiteFinder.dll -> Spyware.ClearSearch : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 10:04:36 PM, on 9/29/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\kdx\KHost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\windir32.exe C:\Program Files\ProSiteFinder\ProSiteFinder.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\WINDOWS\system32\windir32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ProSiteFinder\ProSiteFinder.exe C:\Documents and Settings\Jordan Tetro\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe, O2 - BHO: (no name) - {00000000-0000-4609-9C48-6D79CDDDE4B5} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Kasper Antivirus] KASPERANTIVIRUS.EXE O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\Run: [ProSiteFinder] "C:\Program Files\ProSiteFinder\ProSiteFinder.exe" O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000080.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/082ba5f166f30f81ca02/...ip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123645516531 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.29.41.185/activex/AxisCamControl.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...312/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam View Member Profile	Oct 3 2005, 08:41 PM Post #2
Malware Expert Posts: 10,017 OS: XP	Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly. Once you have Hijackthis running from a permanent folder, please reboot and post a new hijackthis log.

jzt03 View Member Profile	Oct 3 2005, 09:46 PM Post #3
New Member Posts: 9 OS: Windows XP	Logfile of HijackThis v1.99.1 Scan saved at 11:45:01 PM, on 10/3/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\kdx\KHost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\aim\aim.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe, O2 - BHO: (no name) - {00000000-0000-43E1-B5E6-760767A67B4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Kasper Antivirus] KASPERANTIVIRUS.EXE O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000080.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing) O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/082ba5f166f30f81ca02/...ip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123645516531 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.29.41.185/activex/AxisCamControl.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...312/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam View Member Profile	Oct 4 2005, 05:46 AM Post #4
Malware Expert Posts: 10,017 OS: XP	Please follow these steps: Please make sure that you can View Hidden Files Click Start -> My Computer Select Tools -> Folder options Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. For more info on how to show hidden files click here. Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe, O2 - BHO: (no name) - {00000000-0000-43E1-B5E6-760767A67B4A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing) O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll O4 - HKLM\..\Run: [Kasper Antivirus] KASPERANTIVIRUS.EXE O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000080.exe O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing) O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing) O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/082ba5f166f30f81ca02/...ip/RdxIE601.cab Please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. If you have trouble getting into Safe mode go here for more info. Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist): C:\Windows\System32\wsaupdater.exe, KASPERANTIVIRUS.EXE <-- search for this file C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe C:\Program Files\Common Files\mc-110-12-0000080.exe C:\Program Files\Freeprod Toolbar <-- delete this folder C:\Program Files\ProSiteFinder <-- delete this folder C:\Program Files\DNS <-- delete this folder Reboot your computer to go back to normal mode. Please run Panda Online Virus Scan You must allow the active-x control to run when asked. There may be files that this scan will not remove. Please include that information in your next post. Reboot and post a new hijackthis log and the info from your virus scan.

jzt03 View Member Profile	Oct 4 2005, 02:09 PM Post #5
New Member Posts: 9 OS: Windows XP	I don't know why, but every time I attempted to run Panda Scan Internet Explorer would freeze up. Any suggestions? I went ahead and rebooted anyways. Here is my most recent HijackThis log. Logfile of HijackThis v1.99.1 Scan saved at 4:06:37 PM, on 10/4/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\mHotkey.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\kdx\KHost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\aim\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123645516531 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.29.41.185/activex/AxisCamControl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.peter-griffin.com/nsvplayx_vp3_mp3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...312/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam View Member Profile	Oct 4 2005, 02:29 PM Post #6
Malware Expert Posts: 10,017 OS: XP	It may be conflicting with your current antivirus program. Please disable your antivirus program, just for this scan. And let's try a different one, just in case the problem is on Panda's end. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. This post has been edited by Buckeye_Sam: Oct 4 2005, 02:29 PM

jzt03 View Member Profile	Oct 4 2005, 06:43 PM Post #7
New Member Posts: 9 OS: Windows XP	------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, October 04, 2005 20:42:26 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 4/10/2005 Kaspersky Anti-Virus database records: 152426 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 97183 Number of viruses found: 22 Number of infected objects: 64 Number of suspicious objects: 0 Duration of the scan process: 9257 sec Infected Object Name - Virus Name C:\Documents and Settings\Jordan Tetro\Local Settings\Temporary Internet Files\Content.IE5\K76LEZS9\maxifilesdns[1].zip/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\Documents and Settings\Jordan Tetro\Local Settings\Temporary Internet Files\Content.IE5\K76LEZS9\maxifilesdns[1].zip Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\Documents and Settings\Jordan Tetro\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.m C:\Documents and Settings\Jordan Tetro\My Documents\filelib\boondocksaint913\setup.exe/data0014/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Documents and Settings\Jordan Tetro\My Documents\filelib\boondocksaint913\setup.exe/data0014 Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Documents and Settings\Jordan Tetro\My Documents\filelib\boondocksaint913\setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Documents and Settings\Jordan Tetro\My Documents\filelib\dreadpiratejt\setup.exe/data0014/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Documents and Settings\Jordan Tetro\My Documents\filelib\dreadpiratejt\setup.exe/data0014 Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Documents and Settings\Jordan Tetro\My Documents\filelib\dreadpiratejt\setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d C:\Program Files\Common Files\Download\freeprodtb.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.o C:\Program Files\Common Files\Download\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l C:\Program Files\Common Files\InetGet\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h C:\Program Files\Common Files\system32.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\Program Files\Common Files\system32.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1005\Dc1.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1005\Dc2\gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc2.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc2.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc2.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc2.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc2.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc3.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc3.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc3.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc3.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo C:\RECYCLER\S-1-5-21-3606957579-1760742329-173052698-1008\Dc3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069826.exe Infected: not-a-virus:AdWare.Maxifiles.j C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069831.dll Infected: Trojan-Spy.Win32.Small.dj C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069839.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.m C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069840.com Infected: Backdoor.Win32.Aimbot.al C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069867.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069868.exe Infected: not-a-virus:AdWare.ToolBar.EliteBar.au C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069869.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069870.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069873.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.o C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069924.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069925.exe Infected: not-a-virus:AdWare.Win32.WinAD.bl C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069926.dll Infected: Trojan.Win32.EliteBar.d C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069936.exe/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069936.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069936.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069937.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069937.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069938.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069942.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.y C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069943.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.z C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069944.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.ac C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069946.exe Infected: not-a-virus:AdWare.ToolBar.EliteBar.au C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069947.exe Infected: not-a-virus:Dialer.Win32.Hacker C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0069948.exe Infected: not-a-virus:Dialer.Win32.Hacker C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP617\A0070204.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.y C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070288.exe Infected: Backdoor.Win32.Aimbot.al C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070289.exe Infected: not-a-virus:AdWare.Maxifiles.j C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070290.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.z C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070291.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.ac C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070292.dll Infected: Trojan-Spy.Win32.Small.dj C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070372.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.ae C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP619\A0070376.dll Infected: not-a-virus:AdWare.Win32.ClearSearch.y C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP621\A0070498.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP621\A0070498.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP621\A0070499.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP621\A0070516.exe Infected: not-a-virus:AdWare.ClearSearch.aj C:\System Volume Information\_restore{B3CD9181-416A-4A52-B4D0-230D2AB94EB8}\RP621\A0070517.exe Infected: Backdoor.Win32.Ruledor.j C:\WINDOWS\hosts Infected: Trojan.BAT.Delude.f Scan process completed.

Buckeye_Sam View Member Profile	Oct 4 2005, 07:51 PM Post #8
Malware Expert Posts: 10,017 OS: XP	It's not as bad as it looks. Please delete these files: C:\Documents and Settings\Jordan Tetro\mc-110-12-0000080.exe C:\Documents and Settings\Jordan Tetro\My Documents\filelib\boondocksaint913\setup.exe C:\Program Files\Common Files\Download\freeprodtb.exe C:\Program Files\Common Files\Download\mc-110-12-0000080.exe C:\Program Files\Common Files\InetGet\mc-110-12-0000080.exe C:\Program Files\Common Files\system32.dll Please download and install Cleanup 4.0 Now run CleanUp IMPORTANT! CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp Running CleanUp Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu). When CleanUp starts go to the Options button (right side of CleanUp screen) Move the arrow down to "Custom CleanUp!" Now place a checkmark next to the following (Make sure nothing else is checked!): Delete Cookies This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea Empty Recycle Bins Delete Prefetch files Cleanup! All Users Click OK Then click on the CleanUp button. This will take a short while, let it do its thing. When asked to reboot system select Yes Close CleanUp Please post a new hijackthis log and let me know of any problems that you are still having.

jzt03 View Member Profile	Oct 6 2005, 02:13 PM Post #9
New Member Posts: 9 OS: Windows XP	Logfile of HijackThis v1.99.1 Scan saved at 4:11:48 PM, on 10/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\mHotkey.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\kdx\KHost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVPersonal\AVSched32.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\aim\aim.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\AOL\1124233303\ee\AOLServiceHost.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124233303\ee\AOLHostManager.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123645516531 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...312/mcfscan.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe For the most part, things seem to be running fine now.

Buckeye_Sam View Member Profile	Oct 6 2005, 05:02 PM Post #10
Malware Expert Posts: 10,017 OS: XP	Your log is clean! Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Renable system restore with instructions from tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Buckeye_Sam View Member Profile	Oct 20 2005, 03:51 PM Post #11
Malware Expert Posts: 10,017 OS: XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal I think I have Freeprod? [RESOLVED] 12	16 / 398	10th October 2005 - 08:38 PM bittrswtt started - last by greyknight17
Virus, Spyware and Trojan Removal Freeprod.com/P2P [RESOLVED]	7 / 271	12th January 2006 - 07:55 AM UCCF started - last by Armodeluxe
Virus, Spyware and Trojan Removal freeprod = adware? [RESOLVED] 12	18 / 568	5th March 2006 - 09:00 AM wru200 started - last by Buckeye_Sam
Virus, Spyware and Trojan Removal Toolbar888, Freeprod and command exe [RESOLVED] 12	19 / 500	22nd April 2006 - 06:08 PM inferno_blaze started - last by don77