Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Quick Navigate[RESOLVED]


  • This topic is locked This topic is locked

#1
liamforester

liamforester

    New Member

  • Member
  • Pip
  • 2 posts
If anyone can give me any help with this Quick Navigate thing it would be reall, REALLY appreciated. I've seen someone else post the problem before but since each case is different, their instructions didn'y work for me.
This is my first time posting and I'm not sure what info I need to post but if its just a hijack this log then:

Logfile of HijackThis v1.99.1
Scan saved at 20:06:42, on 15/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\UAService7.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\OpiStat\OpiStat\OpiStat.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ONSPEED\onspeed.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\Internet\ICC\ICC2000.exe
F:\Program Files\Microsoft Office\Office\WINWORD.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\System32\MDM.EXE
F:\Program Files\WinAce\WinAce.exe
F:\Documents and Settings\Liam\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - F:\WINDOWS\System32\hp8CEA.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] F:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] F:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [OpiStat] F:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = F:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ONSPEED.lnk = F:\Program Files\ONSPEED\onspeed.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: updater.lnk = F:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: Show All Original Images - res://F:\Program Files\ONSPEED\onspeed.exe/250
O8 - Extra context menu item: Show Original Image - res://F:\Program Files\ONSPEED\onspeed.exe/227
O9 - Extra button: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Mail - {ECBF83C0-362A-463C-B066-6DB75EBBE90E} - C:\Program Files\Outlook Express\msimn.exe (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.iol.ie
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AB6BF1-94A9-4F78-BF37-D7C3D0FF9C7E}: NameServer = 195.218.116.2 194.46.8.57
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - F:\WINDOWS\System32\UAService7.exe

If anyone can shed some light on the problem it would be really welcome!
Thanks in advance! :tazz:
Liam
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello Liam and welcome to Geeks to Go.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix will require you to be in Safe Mode, which may not allow you to access the Internet, or my instructions!

You have a mixture of Trojans and malware that needs to be dealt with. Now if you are ready, let’s get fixing!

I just want to check a couple of points with you. Please ensure you have administrator rights on this PC (User Accounts in the Control Panel will confirm this), and that this is a single identity PC, if not please inform me in your next reply.

You are running HijackThis from Temporary Files; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else!

To start please download the following programmes, we will run it/them later. Please save it/them to a place that you will remember, I suggest the Desktop:

CCleaner
Ewido Security Suite
Hoster

Install Ewido Security Suite (it is a 14-day trial version of the programme).
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The programme will prompt you to update click the OK button
  • The programme will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the programme scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop and include it in your reply.
Please run Hoster (just double click it to open). Choose the Restore Original Hosts button and press OK.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.iol.ie
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - F:\WINDOWS\System32\hp8CEA.tmp
O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\Updater\wupdater.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: GStartup.lnk = F:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: updater.lnk = F:\Program Files\Common Files\updater\wupdater.exe
O9 - Extra button: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {27929461-615C-4B37-B8AA-9E4A1F5F11D1} - F:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.iol.ie
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):(click Start>Settings>Control Panel)

Elite Toolbar

Please notify me of any other programmes that you don’t recognise in that list in your next response

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

F:\Program Files\Common files\Updater\
F:\Program Files\Common Files\GMT\

Please delete these files (if present) using Windows Explorer:

F:\WINDOWS\System32\hp8CEA.tmp
F:\WINDOWS\System32\wldr.dll
c:\wp.exe
dba1865.exe use search function to locate and delete this one

Close Windows Explorer and Reboot normally.

Now we must hide the files we revealed earlier by reversing the process, this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click Save List (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

and I will take another look.
  • 0

#3
liamforester

liamforester

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks for the help!!
I've followed all of the instructions and here is logs:
AGAIN THANKS!!

Logfile of HijackThis v1.99.1
Scan saved at 18:03:21, on 19/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\ewido\security suite\ewidoguard.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\UAService7.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\OpiStat\OpiStat\OpiStat.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\ONSPEED\onspeed.exe
F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\WINDOWS\System32\MDM.EXE
F:\Program Files\Internet\ICC\ICC2000.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] F:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] F:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [OpiStat] F:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ONSPEED.lnk = F:\Program Files\ONSPEED\onspeed.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Show All Original Images - res://F:\Program Files\ONSPEED\onspeed.exe/250
O8 - Extra context menu item: Show Original Image - res://F:\Program Files\ONSPEED\onspeed.exe/227
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Mail - {ECBF83C0-362A-463C-B066-6DB75EBBE90E} - C:\Program Files\Outlook Express\msimn.exe (file missing) (HKCU)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AB6BF1-94A9-4F78-BF37-D7C3D0FF9C7E}: NameServer = 195.218.116.2 194.46.8.57
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - F:\WINDOWS\System32\UAService7.exe

AND THE UNINSTALL LOG:


Ad-aware 6 Personal
Adobe Acrobat 4.0, 5.0
Advanced Networking Pack for Windows XP
Ahead Nero Burning ROM
Aliens vs. Predator 2
AVG Anti-Virus 7.0
Battlefield Vietnam™
Black and White
Call of Duty
CCleaner (remove only)
Championship Manager 01-02
Championship Manager 5
Championship Manager 99-00
Civilization III
Civilization III Play the World
CM4
Delta Force - Black Hawk Down
Easy CD Creator 5 Basic
Enhanced MediaLoads
ewido security suite
Far Cry
GameShadow
GameSpy Arcade
Half-Life
HijackThis 1.99.1
IBasic
ICQ Lite
iMesh
Internet Explorer Q831167
iPod Update 2004-04-28
iTunes
Kazaa Media Desktop 2.0
Kurt Cobain Wallpaper
Learn 2 Play Blues
Learn 2 Play Complete Guitar Chords
Learn 2 Play Indie
Line of Sight - Vietnam
Macromedia Shockwave Player
Max Payne 2
MAX-FX Tools
MediaLoads
Medieval Total War
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Office 2000 Professional
MSN Messenger 6.1
Network Play System (Patching)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
ONSPEED
Operation Flashpoint uninstall
OpiStat
Outlook Express Q837009
PC Cat
PC Pup
PC-Linq
PGate Basic
Philips Digital Media Manager
PunkBuster for Battlefield Vietnam
QualifaX 2002
QualifaX 3.01
QuickTime
Sabrina 2
Serious Sam: The Second Encounter
Sierra Utilities
SpySpotter
Spyware Vanisher FS
The Sims 2
Unreal Tournament
UTVip XL
WinAce Archiver 2.0
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q814995
WONswap
Worms World Party
Yahoo! Address AutoComplete
Yahoo! Internet Mail


Hope this helps!

Edited by liamforester, 19 May 2005 - 11:06 AM.

  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again Liam

Congratulations! your new log is clean. :tazz: Just a little bit more to do to prevent further infection.

MOST IMPORTANT: You should update Windows and Internet Explorer to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.

I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one.

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one spyware detector/prevention programmes for “on demand” scanning, having two or more antivirus systems is not recommended as they may well interfere with each other.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-Virus updated. ;)
  • 0

#5
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP