Please Help [RESOLVED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Please Help [RESOLVED], So Many Errors

Options

Cheerio View Member Profile	Aug 28 2005, 10:10 PM Post #1
New Member Posts: 3 OS: XP	I read this forum and did all of it (You Must Read This Before Posting A Hijackthis Log, Required steps before posting your log) But I am still having problems. Thanks in advance to anyone who answers.... Here is my log: Logfile of HijackThis v1.99.1 Scan saved at 10:57:30 PM, on 8/28/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\System32\CTHELPER.EXE F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe F:\WINDOWS\system32\dla\tfswctrl.exe F:\Program Files\Winamp\winampa.exe F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe F:\Program Files\Logitech\MouseWare\system\em_exec.exe G:\Tiger Technologies\DeskFlag\deskflag.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe F:\WINDOWS\System32\ZoneLabs\isafe.exe F:\WINDOWS\System32\CTsvcCDA.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\ZoneLabs\vsmon.exe F:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe F:\WINDOWS\System32\wuauclt.exe F:\Program Files\Internet Explorer\iexplore.exe F:\WINDOWS\system32\notepad.exe F:\Program Files\Internet Explorer\iexplore.exe F:\Programs in Use\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Keyboard ] F:\Program Files\kb_2k.exe O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [StorageGuard] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE O4 - HKCU\..\Run: [MoneyAgent] "F:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: DeskFlag.lnk = G:\Tiger Technologies\DeskFlag\deskflag.exe O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124495947730 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB78995-88D3-4BD0-8C0F-7C35B943D8FF}: NameServer = 64.91.3.46 209.142.136.85 O17 - HKLM\System\CS1\Services\Tcpip\..\{1CB78995-88D3-4BD0-8C0F-7C35B943D8FF}: NameServer = 64.91.3.46 209.142.136.85 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - F:\WINDOWS\System32\ZoneLabs\isafe.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Buckeye_Sam View Member Profile	Aug 30 2005, 01:54 PM Post #2
Malware Expert Posts: 10,017 OS: XP	Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. Please download Ewido Security Suite it is a trial version of the program. Install ewido security suite When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido, there should be an icon on your desktop double-click it. The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Then click on Start Update The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. http://www.ewido.net/en/download/updates/ Once the updates are installed do the following: Click on scanner Click on Complete System Scan and the scan will begin. While the scan is in progress you will be prompted to clean files, click OK When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop. Now close ewido security suite. Reboot your computer and post a new hijackthis log and the log from Ewido.

Cheerio View Member Profile	Aug 31 2005, 10:09 PM Post #3
New Member Posts: 3 OS: XP	Thanks for the help Sam. I'm Cheryl and appreciate the help. I did as you asked. I think I even see an apparent problem that my kids have done. They have their own pc and still use mine though. I think they just lost that privilage. Here is my HJT log: Logfile of HijackThis v1.99.1 Scan saved at 5:51:51 PM, on 8/31/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\System32\CTHELPER.EXE F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe F:\WINDOWS\system32\dla\tfswctrl.exe F:\Program Files\kb_2k.exe F:\Program Files\Winamp\winampa.exe F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe F:\Program Files\iTunes\iTunesHelper.exe F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\HP Software Update\HPWuSchd2.exe F:\Program Files\HP\hpcoretech\hpcmpmgr.exe F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe F:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE F:\Program Files\Logitech\MouseWare\system\em_exec.exe F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Digital Imaging\bin\hpqtra08.exe F:\Program Files\PrintKey2000\Printkey2000.exe G:\Tiger Technologies\DeskFlag\deskflag.exe F:\PROGRA~1\Webshots\webshots.scr C:\Digital Imaging\bin\hpqgalry.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe F:\WINDOWS\System32\ZoneLabs\isafe.exe F:\WINDOWS\System32\CTsvcCDA.exe F:\Program Files\ewido\security suite\ewidoctrl.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\ZoneLabs\vsmon.exe F:\WINDOWS\System32\MsPMSPSv.exe F:\Program Files\iPod\bin\iPodService.exe F:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe F:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe F:\Program Files\Creative\ShareDLL\MEDIADET.EXE F:\WINDOWS\System32\wuauclt.exe F:\Programs in Use\hijackthis\HijackThis.exe F:\WINDOWS\System32\wuauclt.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Keyboard ] F:\Program Files\kb_2k.exe O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [StorageGuard] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE O4 - HKCU\..\Run: [MoneyAgent] "F:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: DeskFlag.lnk = G:\Tiger Technologies\DeskFlag\deskflag.exe O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...9-0312.20050111 .MmVrT/iTunesSetup.exe O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...lient/wuweb_sit e.cab?1124495947730 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...ro.com/housecal l/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - F:\WINDOWS\System32\ZoneLabs\isafe.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe Here is my Ewido log: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 5:06:50 PM, 8/31/2005 + Report-Checksum: 63062FE2 + Scan result: H:Our Stuff\CrackSearcher.rar/CrackSearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup F:\Documents and Settings\Cheryl\Cookies\cheryl@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup ::Report End I probably gonna have to refomat that partition don't ya think? I tried also to use the Disk Cleanup under system tools and it wouldn't work it got so far and stopped so I did some more searching around and under F:\Documents and Settings\Cheryl\LocalSettings\Temp........I can't delete anything in this folder and I should be able too shouldn't I? There are files there with weird names like: ~DF437F.tmp, ~DFF559.tmp, Temporary Directory 1 for DVDXCopy.Platinum.v3.2.1-EAT.ShareReactor_x_copy_xcopy_clone_any_dvd_burn_rip_includes_xpress_express(2).zip These are in hidden folders.....and won't delete. Thanks again for the help and let me know if this is something that my boys might have done, if you can tell.

Buckeye_Sam View Member Profile	Sep 1 2005, 03:20 PM Post #4
Malware Expert Posts: 10,017 OS: XP	It's not too bad at all. There shouldn't be any reason to format your drive. Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab Delete this file, if present: c:\ex.cab Please download and install Cleanup 4.0 Now run CleanUp IMPORTANT! CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp Running CleanUp Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu). When CleanUp starts go to the Options button (right side of CleanUp screen) Move the arrow down to "Custom CleanUp!" Now place a checkmark next to the following (Make sure nothing else is checked!): Delete Cookies This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea Empty Recycle Bins Delete Prefetch files Cleanup! All Users Click OK Then click on the CleanUp button. This will take a short while, let it do its thing. When asked to reboot system select Yes Close CleanUp Please post a new hijackthis log. Make sure you check the formatting on notepad or whatever you are viewing the log with. The log is very difficult to read when the spacing is off like in your last post. Let me know what problems you are still having.

Cheerio View Member Profile	Sep 3 2005, 01:33 PM Post #5
New Member Posts: 3 OS: XP	thanks sam........ Here is my new log after running cleanup: Logfile of HijackThis v1.99.1 Scan saved at 12:14:26 PM, on 9/3/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\System32\CTHELPER.EXE F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe F:\WINDOWS\system32\dla\tfswctrl.exe F:\Program Files\Winamp\winampa.exe F:\Program Files\Logitech\MouseWare\system\em_exec.exe F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe F:\Program Files\PrintKey2000\Printkey2000.exe G:\Tiger Technologies\DeskFlag\deskflag.exe F:\PROGRA~1\Webshots\webshots.scr F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe F:\WINDOWS\System32\ZoneLabs\isafe.exe F:\WINDOWS\System32\CTsvcCDA.exe F:\Program Files\ewido\security suite\ewidoctrl.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\ZoneLabs\vsmon.exe F:\WINDOWS\System32\MsPMSPSv.exe F:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe F:\WINDOWS\System32\wuauclt.exe F:\WINDOWS\system32\NOTEPAD.EXE F:\Programs in Use\hijackthis\HijackThis.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Keyboard ] F:\Program Files\kb_2k.exe O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [StorageGuard] "F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [Yahoo! Pager] F:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE O4 - HKCU\..\Run: [MoneyAgent] "F:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: DeskFlag.lnk = G:\Tiger Technologies\DeskFlag\deskflag.exe O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Printkey2000.lnk = F:\Program Files\PrintKey2000\Printkey2000.exe O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124495947730 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - F:\WINDOWS\System32\ZoneLabs\isafe.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe [QUOTE]The log is very difficult to read when the spacing is off like in your last post. Sorry don't know what happened. I did want to tell you that I still have 2 files in my temp folder that were deleted then came back...~DF5CBA.tmp & ~DF5EEE.tmp that won't delete. This is after rebooting. Also everytime I go on the internet for the past week I get a pop-up & I have a pop-up blocker for, Do you want to install and run "Macromedia Flash Player 7.......I click no each time but always comes back.. Thanks again for the help.

Buckeye_Sam View Member Profile	Sep 4 2005, 06:34 AM Post #6
Malware Expert Posts: 10,017 OS: XP	QUOTE I did want to tell you that I still have 2 files in my temp folder that were deleted then came back...~DF5CBA.tmp & ~DF5EEE.tmp that won't delete. This is after rebooting. These are not much to worry about, but if you want to be extra clean you will be able to delete those files from Safe mode. Reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. * if you have trouble getting into Safe mode go here for more info. QUOTE Also everytime I go on the internet for the past week I get a pop-up & I have a pop-up blocker for, Do you want to install and run "Macromedia Flash Player 7.......I click no each time but always comes back.. Technically that's not a popup, it's an active-x control. You'll get that when you visit any site that displays some type of animation that requires Macromedia Flash. It's not malware and ok to install if you wish. Once installed you won't get that notification any longer. Here are some optional fixes you can make with Hijackthis. They are not malware. These are programs that run automatically at startup. They are not necessary to be run at every startup and hog your computer's resources. Fixing these will improve boot up time and performance. O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKCU\..\Run: [MoneyAgent] "F:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: DeskFlag.lnk = G:\Tiger Technologies\DeskFlag\deskflag.exe O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Renable system restore with instructions from tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Buckeye_Sam View Member Profile	Sep 18 2005, 11:31 AM Post #7
Malware Expert Posts: 10,017 OS: XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal MY PC IS INFECTED PLEASE HELP [RESOLVED] 12	18 / 740	25th November 2008 - 01:08 AM misterno started - last by Jimmy2012
Virus, Spyware and Trojan Removal Please Help [RESOLVED]	9 / 379	26th November 2008 - 04:42 PM highclass started - last by Essexboy
Virus, Spyware and Trojan Removal new malware? please help [RESOLVED] 12	15 / 543	6th December 2008 - 01:50 PM superkingkong started - last by Rorschach112
Virus, Spyware and Trojan Removal Trojan.Vundo keeps coming back please help [RESOLVED]	12 / 307	8th December 2008 - 12:12 PM jrodm12346 started - last by fenzodahl512
Virus, Spyware and Trojan Removal Spyware Sinowal.Trojan PLEASE HELP [RESOLVED]	11 / 917	7th December 2008 - 10:49 AM Vishal64 started - last by Rorschach112