Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop Hijacked! [RESOLVED]


  • This topic is locked This topic is locked

#16
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ok, let's try this.


Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.



Once in Safe mode, follow these steps:
  • Navigate to the smitRem folder, then double click the RunThis.bat file to start the tool. [list]
  • Follow the prompts on screen.
  • Wait for the tool to complete and disk cleanup to finish.
  • The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Let me know if you have problems.
  • 0

Advertisements


#17
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
This is what came up...since I ran this, I no longer even have wallpaper on my desktop...just a blue screen.

However, I still can get to task manager........



smitRem log file
version 2.3

by noahdfear

The current date is: Wed 08/31/2005
The current time is: 15:15:23.87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :tazz:


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

msmsgs.exe
ole32vbs.exe
msole32.exe
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)
  • 0

#18
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
That's a positive step.
Can you post a new hijackthis log?
  • 0

#19
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:18:59 AM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jaime\Local Settings\Temporary Internet Files\Content.IE5\HNZF1XOE\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SPsysy] C:\WINDOWS\SPsysy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sp2fwxp] C:\WINDOWS\System32\sp2fwxp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [SPsysy] C:\WINDOWS\SPsysy.exe
O4 - HKCU\..\Run: [nt32] C:\WINDOWS\system32\nt32.exe
O4 - HKCU\..\Run: [64or3232sy] C:\WINDOWS\64or3232sy.exe
O4 - HKCU\..\Run: [32PEPEorsy] C:\WINDOWS\32PEPEorsy.exe
O4 - HKCU\..\Run: [nts-hh64PE] C:\WINDOWS\system32\nts-hh64PE.exe
O4 - HKCU\..\Run: [32ms] C:\WINDOWS\system32\32ms.exe
O4 - HKCU\..\Run: [s-msSP] C:\WINDOWS\system32\s-msSP.exe
O4 - HKCU\..\Run: [hhors-] C:\WINDOWS\system32\hhors-.exe
O4 - HKCU\..\Run: [32nthhsy] C:\WINDOWS\system32\32nthhsy.exe
O4 - HKCU\..\Run: [ms64SP] C:\WINDOWS\ms64SP.exe
O4 - HKCU\..\Run: [32SPor] C:\WINDOWS\32SPor.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124630171234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124630143843
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#20
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
First we need to get Hijackthis moved into a permanent folder on your computer. Create a folder here - C:\hijackthis
Now copy and paste hijackthis.exe into that folder, or just download it again and save it there.


Now follow these steps as well as you can.

Please make sure that you can VIEW ALL HIDDEN FILES.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [SPsysy] C:\WINDOWS\SPsysy.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
O4 - HKLM\..\Run: [sp2fwxp] C:\WINDOWS\System32\sp2fwxp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [SPsysy] C:\WINDOWS\SPsysy.exe
O4 - HKCU\..\Run: [nt32] C:\WINDOWS\system32\nt32.exe
O4 - HKCU\..\Run: [64or3232sy] C:\WINDOWS\64or3232sy.exe
O4 - HKCU\..\Run: [32PEPEorsy] C:\WINDOWS\32PEPEorsy.exe
O4 - HKCU\..\Run: [nts-hh64PE] C:\WINDOWS\system32\nts-hh64PE.exe
O4 - HKCU\..\Run: [32ms] C:\WINDOWS\system32\32ms.exe
O4 - HKCU\..\Run: [s-msSP] C:\WINDOWS\system32\s-msSP.exe
O4 - HKCU\..\Run: [hhors-] C:\WINDOWS\system32\hhors-.exe
O4 - HKCU\..\Run: [32nthhsy] C:\WINDOWS\system32\32nthhsy.exe
O4 - HKCU\..\Run: [ms64SP] C:\WINDOWS\ms64SP.exe
O4 - HKCU\..\Run: [32SPor] C:\WINDOWS\32SPor.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -




Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\Program Files\WindUpdates <-- delete this folder
C:\Program Files\WindowsSA <-- delete this folder
C:\Program Files\MEDIAA~1 <-- delete this folder
C:\WINDOWS\System32\sp2fwxp.exe
C:\WINDOWS\system32\winmm64.exe
C:\WINDOWS\system32\nt32.exe
C:\WINDOWS\system32\nts-hh64PE.exe
C:\WINDOWS\system32\32ms.exe
C:\WINDOWS\system32\s-msSP.exe
C:\WINDOWS\system32\hhors-.exe
C:\WINDOWS\system32\32nthhsy.exe
C:\WINDOWS\ms64SP.exe
C:\WINDOWS\32SPor.exe
C:\WINDOWS\64or3232sy.exe
C:\WINDOWS\32PEPEorsy.exe
C:\WINDOWS\SPsysy.exe



Delete your temp files
  • Navigate to the C:\Windows\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete(or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Navigate to the C:\Windows\Prefetch folder.
    • Open the Prefetch folder
    • Select Edit -> Select All
    • Select Edit -> Delete(or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete(or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" Click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab then click the "Reset Web Settings" button.
    • Click Apply then OK.
  • Empty the Recycle Bin.


Reboot your computer and post a new hijackthis log.
  • 0

#21
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
:tazz: It looks like everything is back in working order...here is the posting that you requested. I'm very impressed with your knowledgeability...THANKS!!!!!


Logfile of HijackThis v1.99.1
Scan saved at 4:39:56 PM, on 9/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Ovulation Calendar\OVUCAL.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Documents and Settings\Jaime\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124630171234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124630143843
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#22
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
That's great to hear! :tazz:
But we're not quite done yet.

Please run Panda Online Virus Scan
  • Make sure it is set to clean automatically.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.

Reboot and post a new hijackthis log and the info from your virus scan.
  • 0

#23
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I tried to run the free scan, but both times I did, it seems that it was too much for the system. I got a blue screen each time....is there anything else I can do to avoid this?
  • 0

#24
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let's try this instead.

Please download the trial version ofWebRoot SpySweeper
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#25
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
6:03 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
6:03 PM: Spy Sweeper started
6:03 PM: Sweep initiated using definitions version 530
6:03 PM: Starting Memory Sweep
6:04 PM: Found Adware: topsearch
6:04 PM: Detected running threat: C:\Program Files\Kazaa\TopSearch.dll (ID = 79735)
6:06 PM: Memory Sweep Complete, Elapsed Time: 00:02:28
6:06 PM: Starting Registry Sweep
6:06 PM: Found Adware: altnet
6:06 PM: HKCR\adm.adm.1\ (3 subtraces) (ID = 103441)
6:06 PM: HKCR\adm.adm\ (5 subtraces) (ID = 103442)
6:06 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
6:06 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
6:06 PM: HKCR\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103453)
6:06 PM: HKCR\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103454)
6:06 PM: HKCR\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103461)
6:06 PM: HKCR\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103466)
6:06 PM: HKCR\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103476)
6:06 PM: HKCR\signingmodule.signingmodule\ (5 subtraces) (ID = 103478)
6:06 PM: HKLM\software\altnet\ (1 subtraces) (ID = 103481)
6:06 PM: HKLM\software\classes\adm.adm.1\ (3 subtraces) (ID = 103482)
6:06 PM: HKLM\software\classes\adm.adm\ (5 subtraces) (ID = 103483)
6:06 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
6:06 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
6:06 PM: HKLM\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103490)
6:06 PM: HKLM\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103491)
6:06 PM: HKLM\software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103493)
6:06 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
6:06 PM: HKLM\software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103495)
6:06 PM: HKLM\software\classes\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103496)
6:06 PM: HKLM\software\classes\signingmodule.signingmodule\ (5 subtraces) (ID = 103497)
6:06 PM: HKLM\software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}\ (9 subtraces) (ID = 103503)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\altnetdm\ (2 subtraces) (ID = 103531)
6:06 PM: Found Adware: blazefind
6:06 PM: HKCR\bridgex.installer\ (3 subtraces) (ID = 104438)
6:06 PM: HKLM\software\classes\bridgex.installer\ (3 subtraces) (ID = 104471)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wind updates\ (2 subtraces) (ID = 104554)
6:06 PM: HKLM\software\windupdates\ (6 subtraces) (ID = 104559)
6:06 PM: Found Adware: clientman
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
6:06 PM: Found Adware: coolwebsearch (cws)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
6:06 PM: Found Adware: cydoor peer-to-peer dependency
6:06 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\kazaa\promotions\cydoor\ (512 subtraces) (ID = 124527)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\kazaa\promotions\cydoor\ (3317 subtraces) (ID = 124527)
6:06 PM: Found Adware: gain-supported software
6:06 PM: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126731)
6:06 PM: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126751)
6:06 PM: Found Adware: keenvalue/perfectnav
6:06 PM: HKLM\software\perfectnav\ (10 subtraces) (ID = 129516)
6:06 PM: HKLM\software\updmgr\ (11 subtraces) (ID = 129521)
6:06 PM: Found Adware: 180search assistant/zango
6:06 PM: HKLM\software\180solutions\ (ID = 135618)
6:06 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\msbb\ (19 subtraces) (ID = 135781)
6:06 PM: HKLM\software\msbb\ (11 subtraces) (ID = 135782)
6:06 PM: Found Adware: s-redirect hijack
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
6:06 PM: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
6:06 PM: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
6:06 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
6:06 PM: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
6:06 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
6:06 PM: Found Adware: twain-tech
6:06 PM: HKLM\software\twaintec\ (1 subtraces) (ID = 145344)
6:06 PM: Found Adware: webrebates
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
6:06 PM: Found Adware: winad
6:06 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
6:06 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
6:06 PM: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147153)
6:06 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
6:06 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
6:06 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
6:06 PM: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147167)
6:06 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
6:06 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (2 subtraces) (ID = 147230)
6:06 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
6:06 PM: HKLM\software\gator.com\ (27 subtraces) (ID = 528933)
6:06 PM: Found Adware: cydoor
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\cydoor\ (2401 subtraces) (ID = 639126)
6:06 PM: Found Adware: psguard
6:06 PM: HKLM\software\classes\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704077)
6:06 PM: HKCR\clsid\{15dc7116-e58e-4395-a45a-a1c99b17c030}\ (6 subtraces) (ID = 704636)
6:06 PM: HKCR\clsid\{e0aa0493-c410-4cbd-b1db-1723374fa8e0}\ (5 subtraces) (ID = 704833)
6:06 PM: HKCR\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704839)
6:06 PM: Registry Sweep Complete, Elapsed Time:00:00:16
6:06 PM: Starting Cookie Sweep
6:06 PM: Found Spy Cookie: 2o7.net cookie
6:06 PM: jaime@2o7[1].txt (ID = 1957)
6:06 PM: Found Spy Cookie: go.com cookie
6:06 PM: jaime@abclocal.go[1].txt (ID = 2729)
6:06 PM: Found Spy Cookie: yieldmanager cookie
6:06 PM: jaime@ad.yieldmanager[1].txt (ID = 3751)
6:06 PM: Found Spy Cookie: addynamix cookie
6:06 PM: jaime@ads.addynamix[1].txt (ID = 2062)
6:06 PM: Found Spy Cookie: pointroll cookie
6:06 PM: jaime@ads.pointroll[2].txt (ID = 3148)
6:06 PM: Found Spy Cookie: atwola cookie
6:06 PM: jaime@atwola[2].txt (ID = 2255)
6:06 PM: Found Spy Cookie: belnk cookie
6:06 PM: jaime@belnk[1].txt (ID = 2292)
6:06 PM: Found Spy Cookie: burstnet cookie
6:06 PM: jaime@burstnet[2].txt (ID = 2336)
6:06 PM: jaime@cbs.112.2o7[2].txt (ID = 1958)
6:06 PM: Found Spy Cookie: centrport net cookie
6:06 PM: jaime@centrport[2].txt (ID = 2374)
6:06 PM: Found Spy Cookie: clickbank cookie
6:06 PM: jaime@clickbank[1].txt (ID = 2398)
6:06 PM: jaime@cnn.122.2o7[1].txt (ID = 1958)
6:06 PM: jaime@dist.belnk[2].txt (ID = 2293)
6:06 PM: Found Spy Cookie: ru4 cookie
6:06 PM: jaime@edge.ru4[1].txt (ID = 3269)
6:06 PM: jaime@espn.go[2].txt (ID = 2729)
6:06 PM: Found Spy Cookie: fastclick cookie
6:06 PM: jaime@fastclick[2].txt (ID = 2651)
6:06 PM: jaime@go[1].txt (ID = 2728)
6:06 PM: Found Spy Cookie: ic-live cookie
6:06 PM: jaime@ic-live[1].txt (ID = 2821)
6:06 PM: Found Spy Cookie: touchclarity cookie
6:06 PM: jaime@partypoker.touchclarity[1].txt (ID = 3567)
6:06 PM: Found Spy Cookie: partypoker cookie
6:06 PM: jaime@partypoker[2].txt (ID = 3111)
6:06 PM: Found Spy Cookie: overture cookie
6:06 PM: jaime@perf.overture[1].txt (ID = 3106)
6:06 PM: Found Spy Cookie: questionmarket cookie
6:06 PM: jaime@questionmarket[2].txt (ID = 3217)
6:06 PM: jaime@rsi.espn.go[1].txt (ID = 2729)
6:06 PM: jaime@sports.espn.go[1].txt (ID = 2729)
6:06 PM: Found Spy Cookie: tribalfusion cookie
6:06 PM: jaime@tribalfusion[2].txt (ID = 3589)
6:06 PM: Found Spy Cookie: adserver cookie
6:06 PM: jaime@z1.adserver[2].txt (ID = 2142)
6:06 PM: Found Spy Cookie: zedo cookie
6:06 PM: jaime@zedo[2].txt (ID = 3762)
6:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:06 PM: Starting File Sweep
6:06 PM: c:\documents and settings\jaime\start menu\programs\altnet (1 subtraces) (ID = -2147481443)
6:06 PM: c:\program files\altnet\my altnet shares (ID = -2147481439)
6:06 PM: c:\program files\altnet (1 subtraces) (ID = -2147481441)
6:06 PM: c:\program files\media access (4 subtraces) (ID = -2147480020)
6:06 PM: c:\program files\perfectnav (2 subtraces) (ID = -2147480782)
6:06 PM: bridgex.dll (ID = 51443)
6:06 PM: key2.txt (ID = 51468)
6:06 PM: oleext.dll_tobedeleted (ID = 138650)
6:06 PM: info.txt (ID = 90430)
6:06 PM: Found Adware: virtualmaid toolbar
6:06 PM: popuper.exe_tobedeleted (ID = 140477)
6:06 PM: Found Adware: java byteverify
6:06 PM: blackbox.class-75633b70-2034e5a4.class (ID = 64815)
6:07 PM: Warning: Failed to read file "c:\recycler\\dc2.exe". System Error. Code: 2.
The system cannot find the file specified
6:07 PM: Found Trojan Horse: downloader-thph
6:07 PM: telnet.exe (ID = 59169)
6:07 PM: Warning: Failed to read file "c:\recycler\\dc1.exe". System Error. Code: 2.
The system cannot find the file specified
6:07 PM: unstsa2.exe (ID = 51496)
6:07 PM: Found Trojan Horse: trojan-downloader-perf
6:07 PM: idr_load12.exe (ID = 80851)
6:07 PM: Found Adware: exact cashback/bargain buddy
6:07 PM: apuc.dll (ID = 50531)
6:07 PM: topsearch.dll (ID = 79735)
6:07 PM: Found Adware: exact software
6:07 PM: exul.exe (ID = 50614)
6:08 PM: verifierbug.class-314e5702-200e98b2.class (ID = 64831)
6:08 PM: peer points manager.lnk (ID = 49852)
6:08 PM: topsearch.dll (ID = 79735)
6:09 PM: Found Adware: desktop hijacker
6:09 PM: ! secure yourself.url (ID = 57875)
6:09 PM: cd_clint.dll_tobedeleted (ID = 57306)
6:09 PM: Found Trojan Horse: downloader-id5e
6:09 PM: nts-hh64pe.exe (ID = 59147)
6:09 PM: 32ms.exe (ID = 59147)
6:09 PM: perfcl.exe (ID = 80852)
6:09 PM: wuactl2.exe (ID = 80855)
6:09 PM: mediaaccc.dll (ID = 90379)
6:09 PM: Found Adware: exact navisearch
6:09 PM: mscb.dll (ID = 70399)
6:09 PM: msbe.dll (ID = 70396)
6:09 PM: Found Adware: ist istbar
6:09 PM: wininit.ini (ID = 64726)
6:09 PM: dummy.class-56bf106c-30c8cdee.class (ID = 64821)
6:09 PM: gain publishing web site.url (ID = 61372)
6:09 PM: bridgex.inf (ID = 51445)
6:09 PM: File Sweep Complete, Elapsed Time: 00:02:51
6:09 PM: Full Sweep has completed. Elapsed time 00:05:40
6:09 PM: Traces Found: 6792
6:10 PM: Removal process initiated
6:10 PM: Quarantining All Traces: topsearch
6:10 PM: Quarantining All Traces: altnet
6:10 PM: Quarantining All Traces: blazefind
6:10 PM: Quarantining All Traces: clientman
6:10 PM: Quarantining All Traces: coolwebsearch (cws)
6:10 PM: Quarantining All Traces: cydoor peer-to-peer dependency
6:10 PM: Quarantining All Traces: gain-supported software
6:10 PM: Quarantining All Traces: keenvalue/perfectnav
6:10 PM: Quarantining All Traces: 180search assistant/zango
6:10 PM: Quarantining All Traces: s-redirect hijack
6:10 PM: Quarantining All Traces: twain-tech
6:10 PM: Quarantining All Traces: webrebates
6:10 PM: Quarantining All Traces: winad
6:10 PM: Quarantining All Traces: cydoor
6:10 PM: Quarantining All Traces: psguard
6:10 PM: Quarantining All Traces: 2o7.net cookie
6:10 PM: Quarantining All Traces: go.com cookie
6:10 PM: Quarantining All Traces: yieldmanager cookie
6:10 PM: Quarantining All Traces: addynamix cookie
6:10 PM: Quarantining All Traces: pointroll cookie
6:10 PM: Quarantining All Traces: atwola cookie
6:10 PM: Quarantining All Traces: belnk cookie
6:10 PM: Quarantining All Traces: burstnet cookie
6:10 PM: Quarantining All Traces: centrport net cookie
6:10 PM: Quarantining All Traces: clickbank cookie
6:10 PM: Quarantining All Traces: ru4 cookie
6:10 PM: Quarantining All Traces: fastclick cookie
6:10 PM: Quarantining All Traces: ic-live cookie
6:10 PM: Quarantining All Traces: touchclarity cookie
6:10 PM: Quarantining All Traces: partypoker cookie
6:10 PM: Quarantining All Traces: overture cookie
6:10 PM: Quarantining All Traces: questionmarket cookie
6:10 PM: Quarantining All Traces: tribalfusion cookie
6:10 PM: Quarantining All Traces: adserver cookie
6:10 PM: Quarantining All Traces: zedo cookie
6:10 PM: Quarantining All Traces: virtualmaid toolbar
6:10 PM: Quarantining All Traces: java byteverify
6:10 PM: Quarantining All Traces: downloader-thph
6:10 PM: Quarantining All Traces: trojan-downloader-perf
6:10 PM: Quarantining All Traces: exact cashback/bargain buddy
6:10 PM: Quarantining All Traces: exact software
6:10 PM: Quarantining All Traces: desktop hijacker
6:10 PM: Quarantining All Traces: downloader-id5e
6:10 PM: Quarantining All Traces: exact navisearch
6:10 PM: Quarantining All Traces: ist istbar
6:11 PM: Removal process completed. Elapsed time 00:01:17
********
5:55 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
5:55 PM: Spy Sweeper started
5:55 PM: Sweep initiated using definitions version 530
5:55 PM: Starting Memory Sweep
5:56 PM: Found Adware: topsearch
5:56 PM: Detected running threat: C:\Program Files\Kazaa\TopSearch.dll (ID = 79735)
5:58 PM: Memory Sweep Complete, Elapsed Time: 00:02:18
5:58 PM: Starting Registry Sweep
5:58 PM: Found Adware: altnet
5:58 PM: HKCR\adm.adm.1\ (3 subtraces) (ID = 103441)
5:58 PM: HKCR\adm.adm\ (5 subtraces) (ID = 103442)
5:58 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
5:58 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
5:58 PM: HKCR\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103453)
5:58 PM: HKCR\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103454)
5:58 PM: HKCR\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103461)
5:58 PM: HKCR\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103466)
5:58 PM: HKCR\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103476)
5:58 PM: HKCR\signingmodule.signingmodule\ (5 subtraces) (ID = 103478)
5:58 PM: HKLM\software\altnet\ (1 subtraces) (ID = 103481)
5:58 PM: HKLM\software\classes\adm.adm.1\ (3 subtraces) (ID = 103482)
5:58 PM: HKLM\software\classes\adm.adm\ (5 subtraces) (ID = 103483)
5:58 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
5:58 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
5:58 PM: HKLM\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103490)
5:58 PM: HKLM\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103491)
5:58 PM: HKLM\software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103493)
5:58 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
5:58 PM: HKLM\software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103495)
5:58 PM: HKLM\software\classes\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103496)
5:58 PM: HKLM\software\classes\signingmodule.signingmodule\ (5 subtraces) (ID = 103497)
5:58 PM: HKLM\software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}\ (9 subtraces) (ID = 103503)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\altnetdm\ (2 subtraces) (ID = 103531)
5:58 PM: Found Adware: blazefind
5:58 PM: HKCR\bridgex.installer\ (3 subtraces) (ID = 104438)
5:58 PM: HKLM\software\classes\bridgex.installer\ (3 subtraces) (ID = 104471)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wind updates\ (2 subtraces) (ID = 104554)
5:58 PM: HKLM\software\windupdates\ (6 subtraces) (ID = 104559)
5:58 PM: Found Adware: clientman
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
5:58 PM: Found Adware: coolwebsearch (cws)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
5:58 PM: Found Adware: cydoor peer-to-peer dependency
5:58 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\kazaa\promotions\cydoor\ (511 subtraces) (ID = 124527)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\kazaa\promotions\cydoor\ (3317 subtraces) (ID = 124527)
5:58 PM: Found Adware: gain-supported software
5:58 PM: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126731)
5:58 PM: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126751)
5:58 PM: Found Adware: keenvalue/perfectnav
5:58 PM: HKLM\software\perfectnav\ (10 subtraces) (ID = 129516)
5:58 PM: HKLM\software\updmgr\ (11 subtraces) (ID = 129521)
5:58 PM: Found Adware: 180search assistant/zango
5:58 PM: HKLM\software\180solutions\ (ID = 135618)
5:58 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\msbb\ (19 subtraces) (ID = 135781)
5:58 PM: HKLM\software\msbb\ (11 subtraces) (ID = 135782)
5:58 PM: Found Adware: s-redirect hijack
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
5:58 PM: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
5:58 PM: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
5:58 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
5:58 PM: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
5:58 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
5:58 PM: Found Adware: twain-tech
5:58 PM: HKLM\software\twaintec\ (1 subtraces) (ID = 145344)
5:58 PM: Found Adware: webrebates
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
5:58 PM: Found Adware: winad
5:58 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
5:58 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
5:58 PM: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147153)
5:58 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
5:58 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
5:58 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
5:58 PM: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147167)
5:58 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
5:58 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (2 subtraces) (ID = 147230)
5:58 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
5:58 PM: HKLM\software\gator.com\ (27 subtraces) (ID = 528933)
5:58 PM: Found Adware: cydoor
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\cydoor\ (2401 subtraces) (ID = 639126)
5:58 PM: Found Adware: psguard
5:58 PM: HKLM\software\classes\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704077)
5:58 PM: HKCR\clsid\{15dc7116-e58e-4395-a45a-a1c99b17c030}\ (6 subtraces) (ID = 704636)
5:58 PM: HKCR\clsid\{e0aa0493-c410-4cbd-b1db-1723374fa8e0}\ (5 subtraces) (ID = 704833)
5:58 PM: HKCR\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704839)
5:58 PM: Registry Sweep Complete, Elapsed Time:00:00:15
5:58 PM: Starting Cookie Sweep
5:58 PM: Found Spy Cookie: 2o7.net cookie
5:58 PM: jaime@2o7[1].txt (ID = 1957)
5:58 PM: Found Spy Cookie: go.com cookie
5:58 PM: jaime@abclocal.go[1].txt (ID = 2729)
5:58 PM: Found Spy Cookie: yieldmanager cookie
5:58 PM: jaime@ad.yieldmanager[2].txt (ID = 3751)
5:58 PM: Found Spy Cookie: addynamix cookie
5:58 PM: jaime@ads.addynamix[1].txt (ID = 2062)
5:58 PM: Found Spy Cookie: pointroll cookie
5:58 PM: jaime@ads.pointroll[2].txt (ID = 3148)
5:58 PM: Found Spy Cookie: atwola cookie
5:58 PM: jaime@atwola[2].txt (ID = 2255)
5:58 PM: Found Spy Cookie: belnk cookie
5:58 PM: jaime@belnk[1].txt (ID = 2292)
5:58 PM: Found Spy Cookie: burstnet cookie
5:58 PM: jaime@burstnet[2].txt (ID = 2336)
5:58 PM: jaime@cbs.112.2o7[2].txt (ID = 1958)
5:58 PM: Found Spy Cookie: centrport net cookie
5:58 PM: jaime@centrport[2].txt (ID = 2374)
5:58 PM: Found Spy Cookie: clickbank cookie
5:58 PM: jaime@clickbank[1].txt (ID = 2398)
5:58 PM: jaime@cnn.122.2o7[1].txt (ID = 1958)
5:58 PM: jaime@dist.belnk[2].txt (ID = 2293)
5:58 PM: Found Spy Cookie: ru4 cookie
5:58 PM: jaime@edge.ru4[1].txt (ID = 3269)
5:58 PM: jaime@espn.go[2].txt (ID = 2729)
5:58 PM: Found Spy Cookie: fastclick cookie
5:58 PM: jaime@fastclick[2].txt (ID = 2651)
5:58 PM: jaime@go[1].txt (ID = 2728)
5:58 PM: Found Spy Cookie: ic-live cookie
5:58 PM: jaime@ic-live[1].txt (ID = 2821)
5:58 PM: Found Spy Cookie: touchclarity cookie
5:58 PM: jaime@partypoker.touchclarity[1].txt (ID = 3567)
5:58 PM: Found Spy Cookie: partypoker cookie
5:58 PM: jaime@partypoker[2].txt (ID = 3111)
5:58 PM: Found Spy Cookie: overture cookie
5:58 PM: jaime@perf.overture[1].txt (ID = 3106)
5:58 PM: Found Spy Cookie: questionmarket cookie
5:58 PM: jaime@questionmarket[2].txt (ID = 3217)
5:58 PM: jaime@rsi.espn.go[1].txt (ID = 2729)
5:58 PM: jaime@sports.espn.go[1].txt (ID = 2729)
5:58 PM: Found Spy Cookie: tribalfusion cookie
5:58 PM: jaime@tribalfusion[2].txt (ID = 3589)
5:58 PM: Found Spy Cookie: adserver cookie
5:58 PM: jaime@z1.adserver[2].txt (ID = 2142)
5:58 PM: Found Spy Cookie: zedo cookie
5:58 PM: jaime@zedo[2].txt (ID = 3762)
5:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:58 PM: Starting File Sweep
5:58 PM: c:\documents and settings\jaime\start menu\programs\altnet (1 subtraces) (ID = -2147481443)
5:58 PM: c:\program files\altnet\my altnet shares (ID = -2147481439)
5:58 PM: c:\program files\altnet (1 subtraces) (ID = -2147481441)
5:58 PM: c:\program files\media access (4 subtraces) (ID = -2147480020)
5:58 PM: c:\program files\perfectnav (2 subtraces) (ID = -2147480782)
5:58 PM: bridgex.dll (ID = 51443)
5:58 PM: key2.txt (ID = 51468)
5:58 PM: oleext.dll_tobedeleted (ID = 138650)
5:58 PM: info.txt (ID = 90430)
5:58 PM: Found Adware: virtualmaid toolbar
5:58 PM: popuper.exe_tobedeleted (ID = 140477)
5:58 PM: Found Adware: java byteverify
5:58 PM: blackbox.class-75633b70-2034e5a4.class (ID = 64815)
5:59 PM: Warning: Failed to read file "c:\recycler\\dc2.exe". System Error. Code: 2.
The system cannot find the file specified
5:59 PM: Found Trojan Horse: downloader-thph
5:59 PM: telnet.exe (ID = 59169)
5:59 PM: Warning: Failed to read file "c:\recycler\\dc1.exe". System Error. Code: 2.
The system cannot find the file specified
5:59 PM: unstsa2.exe (ID = 51496)
5:59 PM: Found Trojan Horse: trojan-downloader-perf
5:59 PM: idr_load12.exe (ID = 80851)
5:59 PM: Found Adware: exact cashback/bargain buddy
5:59 PM: apuc.dll (ID = 50531)
6:00 PM: topsearch.dll (ID = 79735)
6:00 PM: Found Adware: exact software
6:00 PM: exul.exe (ID = 50614)
6:00 PM: verifierbug.class-314e5702-200e98b2.class (ID = 64831)
6:01 PM: peer points manager.lnk (ID = 49852)
6:01 PM: topsearch.dll (ID = 79735)
6:01 PM: Found Adware: desktop hijacker
6:01 PM: ! secure yourself.url (ID = 57875)
6:01 PM: cd_clint.dll_tobedeleted (ID = 57306)
6:01 PM: Found Trojan Horse: downloader-id5e
6:01 PM: nts-hh64pe.exe (ID = 59147)
6:01 PM: 32ms.exe (ID = 59147)
6:01 PM: perfcl.exe (ID = 80852)
6:01 PM: wuactl2.exe (ID = 80855)
6:01 PM: mediaaccc.dll (ID = 90379)
6:01 PM: Found Adware: exact navisearch
6:01 PM: mscb.dll (ID = 70399)
6:01 PM: msbe.dll (ID = 70396)
6:01 PM: Found Adware: ist istbar
6:01 PM: wininit.ini (ID = 64726)
6:01 PM: dummy.class-56bf106c-30c8cdee.class (ID = 64821)
6:01 PM: gain publishing web site.url (ID = 61372)
6:01 PM: bridgex.inf (ID = 51445)
6:01 PM: File Sweep Complete, Elapsed Time: 00:03:01
6:01 PM: Full Sweep has completed. Elapsed time 00:05:42
6:01 PM: Traces Found: 6791
********
5:55 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
5:55 PM: Spy Sweeper started
5:55 PM: |··· End of Session, Wednesday, September 07, 2005 ···|
  • 0

Advertisements


#26
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I can almost hear your computer going "Aaaaahhhh....that's better." :tazz:

Here are some optional fixes you can make with Hijackthis. They are not malware. These are programs that run automatically at startup. They are not necessary to be run at every startup and hog your computer's resources. Fixing these will improve boot up time and performance.

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup




How is everything working for you now?
  • 0

#27
ChrisOD94

ChrisOD94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Everything is working wornderfully now....I cannot thank you enough as there is no way that I would have been able to do that on my own. I will take your advice in the previous thread...but my computer has never run better!!!! Thanks again...I will make sure to make a donation as it was well worth it!
  • 0

#28
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I'm glad I could help out. :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
  • 0

#29
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP