Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help un-doing what my kid did.

Started by Feisty , Dec 03 2006 05:28 PM

  • This topic is locked This topic is locked

#16
Feisty
Posted 13 December 2006 - 08:58 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
This is the craziest thing I have ever seen Ryan.

I got the Panda scan going about 3 hours ago. It was moving along slowly but nicely and had found well over 140 infected items. It wasn't even halfway done yet when it simply clicked back to the original screen where you select "my computer" to scan. No log, no nothing. No report. Just had to start it over.

Is there a way that something in my puter is trying to fight me getting rid of it?
Anyway, here is HiJakk log. Keep in mind that the scan is running now and I have two windows going so no clue if that matters or not.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:46 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\Wscript.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140389620387
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

Advertisements

#17
Ryan
Posted 14 December 2006 - 12:22 AM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
== Uninstall Programs ==

Please go to Add/Remove in the Control Panel and remove the following programs
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.9.7
My Web Search Bar
Screensavers Installer Version 2
Starware316 4.4.1.0
Viewpoint Manager (Remove Only)
WeatherBug
WildTangent Web Driver
Reboot your computer.


== Install Latest Java Runtime ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select Yes (if it does not ask, please reboot your computer).


== Scan w/ SmitfraudFix ==

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

-Ryan
  • 0

#18
Feisty
Posted 15 December 2006 - 06:16 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi.

On add/remove it would not allow me to uninstal websearch bar, waetherbug, or wild tangent driver. THe others you named have been uninstalled.

I did step 2 re Java runtime, and was trying to do the Smithfix step. It is on my desktop but no option called smitfraudfix.cmd
  • 0

#19
Ryan
Posted 17 December 2006 - 12:23 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Sorry about the delay; there have been some problems with email notifications.

There should be a folder on your desktop called smitfraudfix. Inside of that, there should be smitfraudfix.cmd. If not, delete the folder, and follow the steps again.

-Ryan
  • 0

#20
Feisty
Posted 17 December 2006 - 01:29 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Sorry to be so much trouble Ryan but I deleted what I had done and did it all over again. When I click on Smitfraudfix it says the some exe file is missing.
  • 0

#21
Ryan
Posted 18 December 2006 - 10:01 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
ok, lets try to get a panda scan done

Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report and a new HiJack This log.

-Ryan
  • 0

#22
Feisty
Posted 19 December 2006 - 08:07 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi.

THis time the Panda worked correctly after my earlier failed attempts when you first started helping me. HURRAY!


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Adware:adware/aureate-radiate Not disinfected c:\program files\MediaRing Talk
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\Fun Web Products
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/ieplugin Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt[.atwola.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kasey\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kasey\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kasey\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@realmedia[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kasey\Cookies\kasey@zedo[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kristie\Application Data\Mozilla\Firefox\Profiles\qyf3z76y.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kristie\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kristie\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@fastclick[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kristie\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@serving-sys[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kristie\Cookies\kristie@tribalfusion[2].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Owner\Desktop\SmileyCentralSetup2.0.3.10.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\satmat.inf
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DVE8M0IF\channels_02[1].gif
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI1A0.tmp\addremln.cab[addremln.inf]
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI1A0.tmp\addremln.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI1BDC.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI29B0.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI3162.tmp\polall1r.inf
Hacktool:HackTool/Jkill.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI31A5.tmp\TRebates.exe[jkill.exe]
Adware:Adware/TopRebates Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI31A5.tmp\TRebates.exe[djtopr1150.exe]
Adware:Adware/TopRebates Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI31A5.tmp\TRebates.exe[WebRebates1.exe]
Adware:Adware/TopRebates Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI31A5.tmp\TRebates.exe[WebRebates0.exe]
Adware:Adware/TopRebates Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI31A5.tmp\TRebates.exe[disp1150.exe]
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI32F5.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI3400.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI348C.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI360.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI413B.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI45D2.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5B7.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5BBC.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5D5C.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6260.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI642D.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6611.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6A8.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6C9D.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI760F.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI7835.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI7A02.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THICD3.tmp\polall1r.inf
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.www48.seeq.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.target.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.target.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.revenue.net/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Application Data\Mozilla\Firefox\Profiles\y1kngk7x.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@advertising[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@hitbox[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Cookies\owner@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.PUTERROOM\Local Settings\Temporary Internet Files\Content.IE5\4T2JSL67\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20060607-183818-354.inf
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Hijackthis\backups\backup-20060607-183818-536.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Hijackthis\backups\backup-20060607-183818-923.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
Potentially unwanted tool:Application/MyWebSearch
  • 0

#23
Feisty
Posted 19 December 2006 - 08:09 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:06:10 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140389620387
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#24
Ryan
Posted 20 December 2006 - 03:36 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
== KillBox ==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\f3PSSavr.scr
c:\program files\common files\WinSoftware\
"c:\program files\MediaRing Talk\"
"C:\Documents and Settings\Owner\Desktop\SmileyCentralSetup2.0.3.10.exe"
"C:\Program Files\MyWebSearch\"

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
Your computer may restart itself automatically. If you asked to restart, please select NO..

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


== VundoFix ==

None of the previous scans have indicated a vundo infection, but the Panda scan detected it in the registry, so I'd like to have you use VundoFIx just to be on the safe side.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

At this point, if VundoFix did not need to restart your computer, and KillBox did not restart it automatically, please restart the computer so that KillBox can complete it work.


== ATF-Cleaner ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== AVG Anti-Spyware ==

If you already have AVG Anti-Spyware, just start the instructions from where you update the definitions.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
-Ryan
  • 0

#25
Feisty
Posted 26 December 2006 - 12:32 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi! Hope you/yall had a nice Christmas.
Here are the results (assuming I didn't screw anything up). :whistling:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:10:32 PM 12/26/2006

+ Scan result:



C:\System Volume Information\_restore{FBB5BF68-DC58-4256-8610-EF5C3646385E}\RP901\A0241785.dll -> Adware.Comet : Cleaned.
C:\System Volume Information\_restore{FBB5BF68-DC58-4256-8610-EF5C3646385E}\RP901\A0241786.dll -> Adware.Comet : Cleaned.
C:\System Volume Information\_restore{FBB5BF68-DC58-4256-8610-EF5C3646385E}\RP901\A0241787.DLL -> Adware.Websearch : Cleaned.
:mozilla.130:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.71:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.19:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.127:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.14:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.78:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.90:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.34:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.23:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.134:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Kasey\Application Data\Mozilla\Firefox\Profiles\90dbwezj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Paltalk\pticon1.dll -> Trojan.Messenger.a : Cleaned.


::Report end
_____

Logfile of HijackThis v1.99.1
Scan saved at 12:32:17 PM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140389620387
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

Advertisements

#26
Ryan
Posted 26 December 2006 - 11:30 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Congratulations, your log is CLEAN :whistling:

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visitmonthly. And to keep your system clean run these free malware scannersweekly, and be aware of what emails you open and websites you visit.

We highly recommend installing SP2 (if you haven't already). Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
  • 0

#27
Feisty
Posted 31 December 2006 - 12:23 PM

Feisty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi!

Please don't close this thread yet as I have company in for the holidays and haven't had time to go through what you suggested yet. WIll try to get to it within the next couple of days. I do have a couple follow up questions.

Hope you had a great Christmas and Happy New Year toya hon. :whistling:
  • 0

#28
Ryan
Posted 10 January 2007 - 08:34 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP