I just recently switched from dial-up to cable, and was sort of amazed by how badly my computer was attacked in such a short period of time. Obviously, my protection was not up to date!
I've run Norton, McAfee, Panda, AVG, and the Housecall AVPs. As of the last scan (this morning), my system is clean of viruses.
I've repaired many items that initially showed up on my HiJack scans, using the instructions on their site.
The Cleaner shows no trojans, Ad-Aware and CWShredder show clean. Spybot S & D removed a couple of things this morning, and I just ran Ewido, which seems to have found a lot of items overlooked by everything else.
ZoneAlarm Security Suite has repeatedly found and treated (without apparent lasting effects) Win32.LospadC. It found, and reported it couldn't treat or remove, Win32.Clspring!generic.
The only problems I've been having are an intermittent pop-up balloon saying "your system may be at risk, click here...etc", and an occasional browser re-direct when using IE. I'm not sure yet if Ewido's cleaning has eliminated those problems.
I have an un-updated version of IE 6.0. I know I need the updates, but wanted to be sure my system was clean first, as per your advice. I've downloaded Firefox and am using that primarily, and will continue to do so, but there are a few sites I need to access (my son's school program, for example) that will only work with IE.
So... I think I've done as much as I can on my own. I need some expert advice with my HiJack log, so that I can get the necessary updates for IE.
Thank you so much.
-----------copy/paste follows-----------------
Logfile of HijackThis v1.99.1
Scan saved at 11:43:04 AM, on 7/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Utilities\Ewido Security Suite\security suite\ewidoctrl.exe
C:\Program Files\Utilities\Ewido Security Suite\security suite\ewidoguard.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Utilities\Ewido Security Suite\security suite\SecuritySuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Carla\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\UTILIT~1\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120408150295
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...524/mcfscan.cab
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - (no file)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Utilities\Ewido Security Suite\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Utilities\Ewido Security Suite\security suite\ewidoguard.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
Edited by notgeekyenough, 10 July 2005 - 01:11 PM.