Need Help with Permanent Removal of Virtum-Gen Virus [RESOLVED]



#16 Stamper19 (Expert, 1,992 posts)
Hi Louise,

Things are looking better. Few more things to clean up, and a bit of housekeeping to do. Then we'll run one more anti-spyware scan to make sure nothing is hiding out.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Macro Express 3

Please note any other programs that you don't recognize in that list in your next response.

----------------------------------------------------------------

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these FOLDERS (if present):

C:\Program Files\Macrogaming

----------------------------------------------------------------

Please update Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in Windows 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
----------------------------------------------------------------

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
----------------------------------------------------------------

Information to include in your next post:
  • SuperAntiSpyware Log
  • Fresh HiJack This Log
  • Let me know how the computer is running.

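Matching a fix list like the one above against a HijackThis log, as an added example written for this page (Python, not HijackThis's own code): it parses the R/O section lines, normalises the CLSIDs, and reports every line that carries a listed CLSID or a flagged path, so that a toolbar registered under two sections (R3 and O3 here) is not left half-fixed. The sample log is constructed from lines quoted in this thread and is not a complete export; the fix list and the path markers are the ones from this post.

```python
"""Pick the HijackThis lines to "Fix checked" from a fix list.

Added example for this thread, not HijackThis code. The line shapes are the
ones HijackThis 2.0 prints ("O2 - BHO: Name - {CLSID} - path"); SAMPLE_LOG is
constructed from lines quoted in the thread and is not a complete export.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class HjtEntry:
    section: str          # "R3", "O2", "O16", ...
    clsid: Optional[str]  # upper-cased so mixed-case log lines compare equal
    path: Optional[str]   # last " - " field: the DLL, EXE or URL the entry loads
    raw: str


def parse_hjt(text: str) -> list[HjtEntry]:
    """Parse the R/F/O section lines of a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, "Running processes:" block, blank lines
        body = m.group("body")
        fields = [f.strip() for f in body.split(" - ")]
        c = CLSID.search(body)
        entries.append(HjtEntry(
            section=m.group("section"),
            clsid=c.group(0).upper() if c else None,
            path=fields[-1] if len(fields) > 1 else None,
            raw=line,
        ))
    return entries


def clsid_sections(entries) -> dict[str, list[str]]:
    """Map each CLSID to every section it appears in.

    A toolbar registered as URLSearchHook (R3) and Toolbar (O3) shows up twice
    under one CLSID; both lines must be checked or the fix is incomplete."""
    seen = defaultdict(list)
    for e in entries:
        if e.clsid:
            seen[e.clsid].append(e.section)
    return dict(seen)


def select_for_fix(entries, fix_clsids, path_markers):
    """Return entries whose CLSID is on the fix list or whose path contains a
    marker (lower-cased substring match; 8.3 short names such as MACROG~1 have
    to be listed separately because they are not equal to the long name)."""
    wanted = {c.upper() for c in fix_clsids}
    markers = [m.lower() for m in path_markers]
    out = []
    for e in entries:
        by_clsid = e.clsid in wanted
        by_path = e.path is not None and any(m in e.path.lower() for m in markers)
        if by_clsid or by_path:
            out.append(e)
    return out


# Constructed from lines quoted in the thread (benign lines included so the
# filter has something to leave alone).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
"""

# The three distinct CLSIDs and the folder named in the post above.
FIX_CLSIDS = [
    "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}",
    "{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}",
    "{516E2306-7ADF-47EC-AEA8-ACB6B51899F1}",
]
PATH_MARKERS = [r"\macrogaming", r"\macrog~1"]

if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for e in select_for_fix(ents, FIX_CLSIDS, PATH_MARKERS):
        print("FIX ", e.raw)
    for c, secs in clsid_sections(ents).items():
        if len(secs) > 1:
            print("NOTE", c, "appears in sections", secs)
```

Run against a full log, the CLSID-sharing report is the check worth keeping: if "Fix checked" removes only one of two lines carrying the same CLSID, the next log will still show the other.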

#17 WezVillag (Topic Starter, Member, 33 posts)
Hiyas Stamper

I am on my way to work and will do these when I get home for lunch today... I do have a question, though. Why did you want me to remove Macro Express 3? I volunteer as a Tournament Director on an online Spades site and use this program to run my macros... if it needs to go I can remove it, but I would like to keep it.


Louise

#18 Stamper19 (Expert, 1,992 posts)
Some places recognize it as adware. It's not anything really devious, so if you use it feel free to keep it, as long as you are aware. Just skip the first three parts of the previous instructions (that means you only need to update Java and run SUPERAntiSpyware) :)

#19 WezVillag (Topic Starter, Member, 33 posts)
Hiyas Stamper!!! Hope your day was great!!!! Here are the logs you asked for!!!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2007 at 01:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3338
Trace Rules Database Version: 1339

Scan type : Quick Scan
Total Scan Time : 00:16:15

Memory items scanned : 312
Memory threats detected : 0
Registry items scanned : 775
Registry threats detected : 3
File items scanned : 25775
File threats detected : 132

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@qnsr[1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[2].txt
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
C:\USERDATA\Cookies\hp_owner@2o7[1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@adbrite[2].txt
C:\USERDATA\Cookies\hp_owner@adecn[1].txt
C:\USERDATA\Cookies\hp_owner@adinterax[1].txt
C:\USERDATA\Cookies\hp_owner@adjuggler[1].txt
C:\USERDATA\Cookies\hp_owner@adknowledge[2].txt
C:\USERDATA\Cookies\hp_owner@adlegend[1].txt
C:\USERDATA\Cookies\hp_owner@admarketplace[2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@advertising[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@atdmt[2].txt
C:\USERDATA\Cookies\hp_owner@atwola[2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@bannercpm[1].txt
C:\USERDATA\Cookies\hp_owner@belnk[1].txt
C:\USERDATA\Cookies\hp_owner@bizrate[1].txt
C:\USERDATA\Cookies\hp_owner@bravenetmedianetwork[1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@burstnet[1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@clicksor[1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@coolsavings[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@cpvfeed[1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@dealtime[1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@doubleclick[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@exitexchange[2].txt
C:\USERDATA\Cookies\hp_owner@fortunecity[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@indexstats[2].txt
C:\USERDATA\Cookies\hp_owner@jamster[1].txt
C:\USERDATA\Cookies\hp_owner@kanoodle[2].txt
C:\USERDATA\Cookies\hp_owner@leadgenetwork[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@maxserving[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@mediaplex[1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@nbads[2].txt
C:\USERDATA\Cookies\hp_owner@nextag[1].txt
C:\USERDATA\Cookies\hp_owner@optimost[1].txt
C:\USERDATA\Cookies\hp_owner@overture[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@popularscreensavers[2].txt
C:\USERDATA\Cookies\hp_owner@qnsr[1].txt
C:\USERDATA\Cookies\hp_owner@questionmarket[1].txt
C:\USERDATA\Cookies\hp_owner@realmedia[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@revenue[1].txt
C:\USERDATA\Cookies\hp_owner@revsci[2].txt
C:\USERDATA\Cookies\hp_owner@roiservice[2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@serving-sys[1].txt
C:\USERDATA\Cookies\hp_owner@smileycentral[2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@tacoda[2].txt
C:\USERDATA\Cookies\hp_owner@targetnet[1].txt
C:\USERDATA\Cookies\hp_owner@ticketsnow[2].txt
C:\USERDATA\Cookies\hp_owner@toplist[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@trafficmp[1].txt
C:\USERDATA\Cookies\hp_owner@tribalfusion[2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\hp_owner@webpower[1].txt
C:\USERDATA\Cookies\hp_owner@webstats4u[2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][2].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\[email protected][1].txt
C:\USERDATA\Cookies\hp_owner@zedo[2].txt

Adware.MovieLand/MediaPipe
C:\Program Files\moviepass Terms.html

Trojan.WinAntiSpyware 2007
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1#QuietUninstallString

Trojan.NewDotNet
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR

RelevantKnowledge Spyware Component
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RLVKNLG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RLXF.DLL.VIR
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\RLPH.DLL

Trojan.TaskDir
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ZLBW.DLL.VIR

Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\MZ02R\MZ02R1065.EXE




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:19 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HP_Owner\My Documents\Mystic Island\MLobby.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservi...egXPWizCredOnly
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab57176.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab60231.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-game...ameLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8594 bytes

#20 Stamper19 (Expert, 1,992 posts)
Hi Louise,

Congrats - your logs are all clean :)

There are still a couple of things you should do for the sake of cleaning up.

---------------------------------------------------------------

Let's delete all the tools we downloaded.
  • Please double-click OTMoveIt.exe to run it.
  • Click the Clean Up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot
----------------------------------------------------------------

Please clear and reset your system restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

----------------------------------------------------------------

Otherwise, unless you have any questions, you are all set. Included below are some tips for keeping your computer malware free in the future.

Cheers,
Stamper :)

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
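The Internet-zone settings in the list above are stored as numbered DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, where 0 means Enable, 1 means Prompt and 3 means Disable. As an added example written for this page, not Microsoft's tooling or anything from the post, the Python below audits a regedit export of that key against the six settings the post asks for and emits a .reg fragment carrying the corrected values. The value-name mapping (1001, 1004, 1201, 1800, 1804, 1607) is Microsoft's documented one; the .reg excerpt is constructed, not from the poster's machine, and a real regedit export is UTF-16 text, so decode it before passing it in.

```python
"""Audit the IE Internet zone (from a .reg export) against the post's settings.

Added example for this thread, not Microsoft code. Value names follow the
documented "Internet Settings\\Zones" registry entries; SAMPLE_REG is a
constructed export, not taken from any real machine.
"""
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3   # the three states a zone action can take

# Setting as shown in the IE dialog -> (registry value name, state the post asks for)
REQUIRED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

REG_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg_dwords(text: str) -> dict[str, dict[str, int]]:
    """Return {key: {value_name: int}} for the DWORD values in a .reg export.
    String values and ';' comment lines are ignored."""
    keys: dict[str, dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_LINE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = REG_DWORD_LINE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = int(m.group("hex"), 16)
    return keys


def audit_internet_zone(reg_text: str):
    """Return (setting, value_name, found, required) for every setting that is
    not at the required state. found is None when the value is absent, in
    which case the zone's template level decides; treat that as unverified."""
    values = parse_reg_dwords(reg_text).get(ZONE_KEY, {})
    deviations = []
    for setting, (name, required) in REQUIRED.items():
        found = values.get(name)
        if found != required:
            deviations.append((setting, name, found, required))
    return deviations


def render_fix_reg() -> str:
    """Emit a .reg fragment that sets all six values to the hardened state."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for setting, (name, state) in REQUIRED.items():
        lines.append(f"; {setting}")
        lines.append(f'"{name}"=dword:{state:08x}')
    return "\n".join(lines) + "\n"


# Constructed export: signed ActiveX download and desktop-item installation
# are set to Enable, and 1607 is missing altogether.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011000
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000000
"1804"=dword:00000001
"""

if __name__ == "__main__":
    for setting, name, found, required in audit_internet_zone(SAMPLE_REG):
        print(f"{name} {setting}: found {found}, want {required}")
    print(render_fix_reg())
```

Export the key with regedit (File > Export on the Zones\3 key) to get the input; importing the emitted fragment applies the post's six settings without touching the rest of the zone.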

#21 WezVillag (Topic Starter, Member, 33 posts)
Hi Stamper
I did a scan this morning on my Webroot... the virus I am worried about still keeps coming up.


6:26 AM: Removal process completed. Elapsed time 00:01:34
6:26 AM: Quarantining All Traces: mediaplex cookie
6:26 AM: Quarantining All Traces: ru4 cookie
6:26 AM: Quarantining All Traces: atwola cookie
6:26 AM: Quarantining All Traces: atlas dmt cookie
6:26 AM: Quarantining All Traces: tacoda cookie
6:26 AM: Quarantining All Traces: advertising cookie
6:26 AM: Quarantining All Traces: 2o7.net cookie
6:26 AM: Informational: Virus infected file c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir not cleaned.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 20 rounds of disinfection.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 19 rounds of disinfection.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 18 rounds of disinfection.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 17 rounds of disinfection.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 16 rounds of disinfection.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 15 rounds of disinfection.

#22 Stamper19 (Expert, 1,992 posts)
Those files are all in a quarantine folder - nothing to worry about. When you complete the two steps in that last set of instructions the quarantine folder those files are in will be removed :)

#23 WezVillag (Topic Starter, Member, 33 posts)
Sigh ok new scan I ran while at work

8:03 AM: Informational: Virus infected file c:\system volume information\_restore{dde3eb95-4b24-44d8-ad38-1f974b96c2f0}\rp411\a0050238.dll not cleaned.
said the virus was not quarantined

#24 Stamper19 (Expert, 1,992 posts)
That's also a backup file (System Restore). When you clear and reset your restore points (also in the last set of instructions), that will get rid of it :)

#25 WezVillag (Topic Starter, Member, 33 posts)
Hiyas Stamper,

I did the two steps: cleaned my computer with OTM, reset restore points, rebooted, ran a scan, and still get the virus coming up in Webroot stating quarantine failed...

5:44 PM: Quarantining All Traces: Troj/Virtum-Gen
5:44 PM: Informational: Virus infected file c:\recycler\s-1-5-21-3168006071-2997671176-715482239-1009\dc5\jkkli.dll.vir not cleaned.

#26 Stamper19 (Expert, 1,992 posts)
That's the recycle bin; again, nothing to worry about. Empty the recycle bin, or run ATF Cleaner again, and that will get rid of it.

:)
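The three follow-up detections in this thread (ComboFix's C:\QOOBOX\QUARANTINE, a System Restore _restore{...}\RPnnn snapshot, and the RECYCLER folder) all come down to one question: is the flagged file somewhere it can still be loaded? As an added example written for this page, not Webroot or SUPERAntiSpyware code, the Python below parses the SUPERAntiSpyware log format posted earlier in the thread and Webroot's "Virus infected file ... not cleaned" lines, then sorts each item into live, quarantine, restore point, recycle bin, cookie or registry, so that only the live bucket needs attention. Both log excerpts are constructed from lines quoted in this thread; the folder conventions are assumptions drawn from the paths seen here.

```python
r"""Sort scanner detections by where the flagged file actually lives.

Added example for this thread, not Webroot or SUPERAntiSpyware code. The
folder conventions are assumptions taken from the paths in the posted logs:
ComboFix parks files under C:\QOOBOX\QUARANTINE with a .vir suffix, OTMoveIt
under C:\_OTMOVEIT\MOVEDFILES, System Restore keeps copies under
_restore{GUID}\RPnnn, and deleted files sit under RECYCLER. The two log
excerpts are constructed from lines quoted in the thread.
"""
import re
from collections import defaultdict

REGISTRY = re.compile(r"^(?:HKLM|HKCU|HKCR|HKU|HKEY_)", re.I)
RESTORE_POINT = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)
RECYCLE_BIN = re.compile(r"^[a-z]:\\(?:recycler|recycled|\$recycle\.bin)\\", re.I)
QUARANTINE = re.compile(r"\\qoobox\\quarantine\\|\\_otmoveit\\movedfiles\\|\.vir$", re.I)
COOKIE = re.compile(r"\\cookies\\[^\\]+@[^\\]+\.txt$", re.I)


def classify(item: str) -> str:
    """'live' means the path is somewhere the file could still be loaded."""
    if REGISTRY.match(item):
        return "registry"
    if RESTORE_POINT.search(item):
        return "restore_point"
    if RECYCLE_BIN.match(item):
        return "recycle_bin"
    if QUARANTINE.search(item):
        return "quarantine"
    if COOKIE.search(item):
        return "cookie"
    return "live"


def parse_sas_log(text: str):
    """Yield (category, item) from a SUPERAntiSpyware scan log.

    Detections start after the "File threats detected" counter: a category
    line, its items one per line, then a blank line before the next category."""
    in_detections = False
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not in_detections:
            if line.lower().startswith("file threats detected"):
                in_detections = True
            continue
        if not line:
            category = None
            continue
        if category is None:
            category = line
            continue
        yield category, line


# "6:26 AM: Informational: Virus infected file <path> not cleaned." and
# "6:26 AM: Informational: File <path> still infected with virus <name> after ..."
WEBROOT_LINE = re.compile(
    r"^\d{1,2}:\d{2} [AP]M: Informational: (?:Virus infected file|File) "
    r"(?P<path>.+?) (?:not cleaned|still infected with virus (?P<name>\S+))")


def parse_webroot(text: str):
    """Yield (path, threat_name_or_None) from Webroot Spy Sweeper session lines."""
    for raw in text.splitlines():
        m = WEBROOT_LINE.match(raw.strip())
        if m:
            yield m.group("path"), m.group("name")


def triage(items) -> dict[str, list[str]]:
    """Group items by classify(); duplicates (repeated 'rounds') collapse."""
    buckets = defaultdict(set)
    for item in items:
        buckets[classify(item)].add(item)
    return {k: sorted(v) for k, v in buckets.items()}


SAS_LOG_SAMPLE = r"""Scan type : Quick Scan
Memory threats detected : 0
Registry threats detected : 2
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt
C:\USERDATA\Cookies\hp_owner@doubleclick[2].txt

Adware.MovieLand/MediaPipe
C:\Program Files\moviepass Terms.html

Trojan.WinAntiSpyware 2007
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS7_is1#UninstallString

Trojan.NewDotNet
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR

RelevantKnowledge Spyware Component
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RLVKNLG.EXE.VIR
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\RLPH.DLL

Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\MZ02R\MZ02R1065.EXE
"""

WEBROOT_LOG_SAMPLE = r"""6:26 AM: Informational: Virus infected file c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir not cleaned.
6:26 AM: Informational: File c:\qoobox\quarantine\c\windows\system32\jkkli.dll.vir still infected with virus Troj/Virtum-Gen after 20 rounds of disinfection.
8:03 AM: Informational: Virus infected file c:\system volume information\_restore{dde3eb95-4b24-44d8-ad38-1f974b96c2f0}\rp411\a0050238.dll not cleaned.
5:44 PM: Informational: Virus infected file c:\recycler\s-1-5-21-3168006071-2997671176-715482239-1009\dc5\jkkli.dll.vir not cleaned.
5:44 PM: Quarantining All Traces: Troj/Virtum-Gen
"""

if __name__ == "__main__":
    for bucket, paths in triage(i for _, i in parse_sas_log(SAS_LOG_SAMPLE)).items():
        print(f"SAS {bucket}: {len(paths)}")
    for bucket, paths in triage(p for p, _ in parse_webroot(WEBROOT_LOG_SAMPLE)).items():
        print(f"Webroot {bucket}: {paths}")
```

Anything in the live bucket (here the BundleBase dropper under System32) is what needs a removal step; the quarantine, restore-point and recycle-bin buckets disappear when the tool clean-up, the restore-point reset and an empty of the recycle bin are done, which is exactly the advice given in the replies above.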

#27 WezVillag (Topic Starter, Member, 33 posts)
lol I guess I'm just expecting it to not show at all ........ gonna miss that eye of yours stamper!!!!
Thanks Sooooooooooooooooo Much!!!

#28 Stamper19 (Expert, 1,992 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





