i cant get rid of all these popups and software [resolved]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

i cant get rid of all these popups and software [resolved]

Options

thebigbearlouis View Member Profile	Nov 12 2005, 08:16 PM Post #1
New Member Posts: 5 OS: Windows XP	I keep getting all these popups and software that keeps installing itself on my computer and it keeps changing my homepage heres a picture of it. and heres the hijack log Logfile of HijackThis v1.99.1 Scan saved at 5:49:24 PM, on 11/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\mssearchnet.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\Valve\Steam\steam.exe C:\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp62B.tmp O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118987526670 O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0029.exe O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

g2i2r4 View Member Profile	Nov 13 2005, 05:33 AM Post #2
retired HiJack Helper Posts: 5,080 From: The Netherlands, Europe OS: XP Home, XP Pro, Vista Home	Welcome thebigbearlouis to Geeks to Go! Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later. Be sure to follow ALL instructions! Please download noahdfear's smitRem.exe©. Save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. * Please download the trial version of ewido security suite. Install ewido security suite When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido, there should be an icon on your desktop double-click it. The program will prompt you to update click the OK button The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Click on Start The update will start and a progress bar will show the updates being installed. Once the updates are installed, close Ewido for now. * If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06. Check Here on how setup and use it - please make sure you update it first. * Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml * Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Post me the contents of the smitfiles.txt log as you post back. * Open Ad-aware and do a full scan. Remove all it finds. * Now open Ewido Security Suite: * Click on scanner * Click Complete System Scan and the scan will begin. * During the scan it will prompt you to clean files, click OK * When the scan is finished, look at the bottom of the screen and click the Save report button. * Save the report to your desktop Reboot your computer. * Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. * Reboot back into Windows * Download the Hoster Here Unzip Hoster to your desktop Open up the Hoster program. Make sure that the "make hosts writable?" button in the upper right corner is enabled. Click back up Host files then click Restore orginal host files close program * You will need to allow the popups for this site! Run the Free use Panda Active Scan. Click on Scan your PC. A new browser window will open with Panda ActiveScan. If this is the first time you scan your PC, you'll have to download the ActiveX controls (8 MB). A new window will open Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When the download is complete, click on my computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

thebigbearlouis View Member Profile	Nov 13 2005, 04:08 PM Post #3
New Member Posts: 5 OS: Windows XP	okay i did all of the following here are all the logs oh and theres still that little red X button in my taskbar that keeps giving me bubbles about my computer being infected --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 11:33:31 AM, 11/13/2005 + Report-Checksum: 50D59DF3 + Scan result: C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard -> Spyware.PSGuard : Cleaned with backup C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\PSGuard.lnk -> Spyware.PSGuard : Cleaned with backup C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Register.lnk -> Spyware.PSGuard : Cleaned with backup C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Uninstall.lnk -> Spyware.PSGuard : Cleaned with backup C:\Documents and Settings\Lou\Application Data\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk -> Spyware.PSGuard : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@ads.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@srv1.ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Lou\Cookies\lou@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Lou\Local Settings\Temp\3541.exe -> TrojanDownloader.Small.alr : Cleaned with backup C:\Documents and Settings\Lou\Local Settings\Temp\Cookies\lou@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wfkiclczgfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wfliqkczolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wflislcpeco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wfloahcpoao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wfmiemczehp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wfmycicjifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wgkisidpceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wgkyalc5ieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wgkyoiazcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wgkyugcpccp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjk4ghd5gkq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjkoehczgaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjkouoczkep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjkyooc5kbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjkyulc5sgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjl4kkc5eco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjliopajwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjmicncpmcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjny-1nazee.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjnyclajggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjnygidzeaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@e-2dj6wjnygmd5ibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@srv1.ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Cookies\lou@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\lou.LOUISS\Local Settings\Temporary Internet Files\Content.IE5\S58L2V8P\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\hijackthis\backups\backup-20051112-151311-189.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\hijackthis\backups\backup-20051112-151326-876.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\hijackthis\backups\backup-20051112-154524-180.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\system32\1024\ldC402.tmp -> TrojanDropper.Small.ahg : Cleaned with backup D:\C drive\Lou\Cookies\lou@ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup D:\C drive\Lou\Cookies\lou@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup D:\C drive\Lou\Cookies\lou@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup D:\C drive\Lou\Cookies\lou@ads.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup D:\C drive\Lou\Cookies\lou@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup D:\C drive\Lou\Cookies\lou@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup D:\C drive\Lou\Cookies\lou@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup D:\C drive\Lou\Cookies\lou@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup D:\C drive\Lou\Cookies\lou@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup D:\C drive\Lou\Cookies\lou@srv1.ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup D:\C drive\Lou\Cookies\lou@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup D:\C drive\Lou\Cookies\lou@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup D:\C drive\Lou\Local Settings\Temp\3541.exe -> TrojanDownloader.Small.alr : Cleaned with backup D:\C drive\Lou\Local Settings\Temp\Cookies\lou@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 2:05:38 PM, on 11/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\Valve\Steam\steam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\AIM\aim.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118987526670 O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0029.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe Incident Status Location Adware:adware/antivirus-gold No disinfected Windows Registry This post has been edited by thebigbearlouis: Nov 13 2005, 04:09 PM

g2i2r4 View Member Profile	Nov 14 2005, 02:16 AM Post #4
retired HiJack Helper Posts: 5,080 From: The Netherlands, Europe OS: XP Home, XP Pro, Vista Home	I'd like to see the smitfiles.txt too. As for the infection, let's move on with that. Download the Killbox version 2.0.0.473 . Unzip it to the desktop Double-click Killbox.exe to run it. Select "Delete on Reboot". Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox: C:\WINDOWS\system32\svchosts.dll Put a mark next to "Delete on Reboot" Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually. * Rerun Killbox. If you fill in the same file, you should get a Pending Operations prompt. That means the file is no longer there. In that case there's no need for a reboot. It could be still there, in that case kill it again and reboot again. * Remove SpyAxe 3.0: Move to Start > Settings > Control Panel Double click Add/Remove Programs. Within Add/Remove programs click the "Install/Uninstall" tab or click the "Change or Remove Programs" button. Within this section you will see a listing of programs that are currently installed that support this feature. If the program I’m advising you to uninstall is listed within this list, highlight it and click the Add/Remove or uninstall option or button. * Use Windows Explorer to remove this folder: C:\WINDOWS\system32\1024\**.

thebigbearlouis View Member Profile	Nov 14 2005, 02:17 AM Post #5
New Member Posts: 5 OS: Windows XP	woops here are the smitfiles oh and i used the killbox to remove the svchosts. now the X little bubble thing in my taskbar is gone :] smitRem © log file version 2.7 by noahdfear Microsoft Windows XP [Version 5.1.2600] The current date is: Sun 11/13/2005 The current time is: 10:36:47.46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ msvol.tlb mssearchnet.exe ncompat.tlb nvctrl.exe hp*.tmp ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! This post has been edited by thebigbearlouis**: Nov 14 2005, 02:34 AM

g2i2r4 View Member Profile	Nov 14 2005, 05:52 AM Post #6
retired HiJack Helper Posts: 5,080 From: The Netherlands, Europe OS: XP Home, XP Pro, Vista Home	The HijackThis log looked clean, smitfiles are clean. Ewido took out a lot. The symptoms are gone, you say. Looks like we are done. If you want to, you can rerun Panda to see what it says. Is the computer running ok? If so, shall I post you some tips for the future and close this topic?

thebigbearlouis View Member Profile	Nov 14 2005, 11:37 AM Post #7
New Member Posts: 5 OS: Windows XP	yeah everythings running fine pretty much thanks for all the help except for that my comps running a little bit sluggish but i dont think that has anything to do with the malware, thanks again! and sure i would like some tips. :]

g2i2r4 View Member Profile	Nov 14 2005, 12:59 PM Post #8
retired HiJack Helper Posts: 5,080 From: The Netherlands, Europe OS: XP Home, XP Pro, Vista Home	You can clean up some more: Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press ok to remove: Temporary Files Temporary Internet Files Recycle Bin You might want to defragment the disk. ----- Please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and re-enable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Re-enable system restore with the instructions from the tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware – Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from your Computer Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. You may want to check this fine article by Tony Klein: How did I get infected in the first place? Glad I was able to help.

« Next Oldest · Malware Removal - HijackThis™ Logs Go Here · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: