Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Please help Browser Hijack [RESOLVED]


  • This topic is locked This topic is locked

#16
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
All done. I hope you can help! Here are my logs...

Logfile of HijackThis v1.99.1
Scan saved at 12:43:55, on 21/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\slpservice.exe
C:\windows\System32\slpmonx.exe
C:\windows\System32\xl.exe
C:\windows\Explorer.EXE
C:\windows\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\HYPER\QUICKSYS.EXE
C:\HYPER\ACTIVSYS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\SM1BG.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Downloads\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HyperOS Agent] "C:\HYPER\QUICKSYS.EXE"
O4 - HKLM\..\Run: [HyperOS Active System Reporter] "C:\HYPER\ACTIVSYS.EXE"
O4 - HKLM\..\Run: [WinMove] c:\hyper\WINMOVE.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\windows\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\windows\System32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: AT-VPN Client (VPNCLIENT) - Allied Telesyn Research - C:\Program Files\Allied Telesyn\AT-VPN Client\VPNClient.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\windows\System32\xl.exe


Incident Status Location

Adware:Adware/CWS No disinfected C:\Documents and Settings\Chris\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/ILookup No disinfected C:\Program Files\Internet Explorer\Iesearch.exe
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
Adware:Adware/Virmaid No disinfected C:\windows\System32\perfcii.ini
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Adipex.url
Possible Virus. No disinfected C:\Documents and Settings\All Users\Documents\Downloads from C on 29-11-04\dvdwpro.exe
Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Start Menu\Online Casino.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Online Pharmacy.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Alprazolam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Carisoprodol.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Diazepam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Lortab.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Prozac.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Valium.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Vicodin.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy\Xanax.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Chris\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Online Pharmacy.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Spyware Removal.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Network Security.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\Favorites\Anti Spam.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Chris\My Documents\Your Scanner.url
Adware:Adware/ILookup No disinfected C:\Program Files\Internet Explorer\Iesearch.exe
Adware:Adware/Virmaid No disinfected C:\WINDOWS\system32\perfcii.ini
Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
  • 0

Advertisements


#17
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Microsoft Anti-Spyware is going to keep putting the below back in even though that particular infection is gone:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1

They will need to be cleared out of there by doing the following:

*Open Antispyware.
*In the right upper corner go to Advanced tools
*Under System tools press Browser Hijack Restore
*Then Please click on 'Change restore setting to a new URL'. Change it to something you like to use as your homepage
*If prompted for the change, allow it.
*Then, when the left hand side is showing a 'good' restore, press 'restore this setting now'.
***We need to get a non-infected page there***

Do you know what these are?

C:\HYPER\QUICKSYS.EXE
C:\HYPER\ACTIVSYS.EXE
  • 0

#18
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I think those two entries are for Hyper OS. Its a utility that lets you run multiple operating systems on one PC.

So far I have seen no evidence of any spyware on my PC. I have noticed that MSN loads automatically when I start even though I have unchecked Tools, Options, Preferences 'Run this program when Windows starts'. This seemed to start when the spyware problems started.
  • 0

#19
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you follow the instructions for removing the quicknavigate entries out of Microsoft Anti-Spyware?
  • 0

#20
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Then, Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm


Close HiJackThis.

Delete the following, in bold, all of them are there:

C:\windows\System32\perfcii.ini
C:\Documents and Settings\Chris\Favorites\Online Gambling
C:\Program Files\Internet Explorer\Iesearch.exe
C:\Online Pharmacy.url
C:\Documents and Settings\Chris\Favorites\Online Pharmacy
C:\Documents and Settings\All Users\Start Menu\Online Casino.url
C:\Documents and Settings\Chris\Favorites\Black Jack Online.url
C:\Documents and Settings\Chris\Favorites\Online Gambling.url
C:\Documents and Settings\Chris\Favorites\Home Loan.url
C:\Documents and Settings\Chris\Favorites\Online Pharmacy.url
C:\Documents and Settings\Chris\Favorites\Spyware Removal.url
C:\Documents and Settings\Chris\Favorites\Network Security.url
C:\Documents and Settings\Chris\Favorites\Anti Spam.url
C:\Documents and Settings\Chris\My Documents\Your Scanner.url

Reboot and post a new HiJackThis log.
  • 0

#21
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry I missed your previous post. I did remove the entries from Microsoft Antispyware.

I followed the instructions and touch wood everything is looking good! The new HJT log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:55:55, on 22/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\slpservice.exe
C:\windows\System32\xl.exe
C:\windows\System32\slpmonx.exe
C:\windows\Explorer.EXE
C:\windows\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\HYPER\QUICKSYS.EXE
C:\HYPER\ACTIVSYS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\SM1BG.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\windows\System32\wuauclt.exe
C:\Downloads\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HyperOS Agent] "C:\HYPER\QUICKSYS.EXE"
O4 - HKLM\..\Run: [HyperOS Active System Reporter] "C:\HYPER\ACTIVSYS.EXE"
O4 - HKLM\..\Run: [WinMove] c:\hyper\WINMOVE.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\windows\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\windows\System32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: AT-VPN Client (VPNCLIENT) - Allied Telesyn Research - C:\Program Files\Allied Telesyn\AT-VPN Client\VPNClient.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\windows\System32\xl.exe
  • 0

#22
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry... I meant to ask about Microsoft Messenger. This still autoloads when I start the PC. Could that be connected to the spyware?
  • 0

#23
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis. Place a check next to this item and click FIX CHECKED:

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB

Close HiJackThis.

Your log is clean, so please do this for me:

Please download ewido security suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot into normal mode.

I need you to post the log from Ewido and a new HiJackThis log.
  • 0

#24
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here are the results:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 05:46:54, 23/05/2005
+ Report-Checksum: 6626FD75

+ Date of database: 22/05/2005
+ Version of scan engine: v3.0

+ Duration: 126 min
+ Scanned Files: 156032
+ Speed: 20.52 Files/Second
+ Infected files: 2
+ Removed files: 2
+ Files put in quarantine: 2
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

+ Scan result:
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dba1865.exe -> Dialer.Generic -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 05:51:26, on 23/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\slpservice.exe
C:\windows\System32\xl.exe
C:\windows\System32\slpmonx.exe
C:\windows\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\HYPER\QUICKSYS.EXE
C:\HYPER\ACTIVSYS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\SM1BG.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\windows\System32\wuauclt.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Downloads\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HyperOS Agent] "C:\HYPER\QUICKSYS.EXE"
O4 - HKLM\..\Run: [HyperOS Active System Reporter] "C:\HYPER\ACTIVSYS.EXE"
O4 - HKLM\..\Run: [WinMove] c:\hyper\WINMOVE.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\windows\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar5.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar5.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar5.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar5.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar5.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\windows\System32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: AT-VPN Client (VPNCLIENT) - Allied Telesyn Research - C:\Program Files\Allied Telesyn\AT-VPN Client\VPNClient.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\windows\System32\xl.exe
  • 0

#25
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your log looks fine. Are you having any other problems?

Did you disable Windows Messenger with msconfig or anything? I see it in running processes, but I do not see it on startup.

Do this for me:

Go to Start > All Programs > Online Services

Then click on "Windows Messenger". Go up to "Tools", click on "Options", then click on the "Preferences" tab. Make sure there is NO checkmark next to "Run Windows Messenger when Windows starts".

Edited by bananafanafo, 22 May 2005 - 11:22 PM.

  • 0

Advertisements


#26
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I don't see messenger under Online Services, but it does apear on it's own. The Run on Windows startup is un-checked.

I'm not seeing anthing that would suggest any malware is still running :tazz: .

If you've never heard of MSN being used as part of any malware I guess I'll just leave it be.
  • 0

#27
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Your log is clean!

Congratulations your log is clean! Great job on the clean up :tazz:

I recommend checking the http://www.microsoft.com website periodically for critical updates to install.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • 0

#28
feduppcuser

feduppcuser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Many thanks for the help, it's a great relief to have a clean PC again. I bought Spyware Doctor because it claimed to clean up the malware I had. It didn't, but it is on 30 days trial. Do you think my money would be better spent on Ewido?

I have a Allied Telesyn AT-AR250E ADSL Router which has a built in firewall. I didn't configure this, do you think the infection I got indicates the firewall isn't configured correctly?

Once again many thanks, I will certainly make a PayPal contribution as you have saved me hours.
  • 0

#29
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

Many thanks for the help, it's a great relief to have a clean PC again. I bought Spyware Doctor because it claimed to clean up the malware I had. It didn't, but it is on 30 days trial. Do you think my money would be better spent on Ewido?

You're very welcome!! You don't even need to buy Ewido (but you can if you want!) It has a 2 week "plus version" trial, then goes to the freeware version, which means there will be no 'real-time' protection, but you can run Ewido as much as you want to check your system. All of the programs I have in my previous post are free and work well, these are the ones I recommend installing.

I have a Allied Telesyn AT-AR250E ADSL Router which has a built in firewall. I didn't configure this, do you think the infection I got indicates the firewall isn't configured correctly?

No, I'm sure it's configured correctly, but unfortunately firewalls are not perfect just as any other protection program available. It's impossible for one program to detect all malware. You just need various programs in edition to the firewall to protect your computer. :tazz:

Once again many thanks, I will certainly make a PayPal contribution as you have saved me hours.

Thank you very much! That's very sweet of you to do!
  • 0

#30
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Also, now that your system is clean, I recommend installing XP Service Pack 2 which has great security features. Go to http://www.microsoft.com and click on "Windows Update" on the left-hand side, then click on "Express Install" to download the latest security updates.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP