Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Morwillsearch Problems [RESOLVED]

Started by Jefff , Nov 30 2005 12:20 AM

  • This topic is locked This topic is locked

#1
Jefff
Posted 30 November 2005 - 12:20 AM

Jefff

    New Member

  • Member
  • Pip
  • 3 posts
This is my first time using this forum, so I hope I'm doing it right. I'm currently having a lot of problems being hijacked by morwillsearch, commission junction, lycos and some disgusting pornographic sites.

I hope you will be able to help me clean my computer of these problems.

I have already run all of the recommended scans in the "you must read this before posting a hijackthis log" instructions.

I also seem to have a lot of processes running. Is there a way of knowing which ones I should have and which ones I can delete?

I would appreciate any help that you can provide.............

Thanks,
Jeff

Below is a copy of my latest hijackthis log.




Logfile of HijackThis v1.99.1
Scan saved at 11:03:04 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\MSTARW~1\Service.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Bho - {F7958756-4CA2-48bd-B8D4-EA1F970C3B72} - C:\WINDOWS\system32\skbadyyi.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: UserFinder.lnk = C:\Program Files\MSTAR Web Sentinel\UserFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'lslsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Web Filter Service - LogiSense Corporation - C:\PROGRA~1\MSTARW~1\Service.exe
  • 0

Advertisements

#2
Crustyoldbloke
Posted 30 November 2005 - 09:29 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Jeff and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans that need to be eradicated. Let’s see what we can do with the first sweep.

Firstly could you please disable Microsoft Antispyware from running during the fix, it may just hinder our attempts to change anything. Right click on the icon (looks like an archery target) in the task bar and click on Security Agents Status (Enabled) then click on Disable Real-time Protection. To re enable it, you follow the same steps but click on Enable Real-time Protection.

Please download LSPfix and save it to the Desktop and unzip it.

Run LSPfix and place a checkmark or tick against the I know what I am doing checkbox.

Highlight every instance of the following names and move them from the Keep to the Remove panel. Be sure to move nothing other than the files listed below!

lslsp.dll

When done, click on Finish to exit the programme; do not use the X in the top right-hand corner as nothing will happen!

Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
Ewido Security Suite

Please visit Kaspersky for an online file scan. Please navigate and upload this file: C:\PROGRA~1\MSTARW~1\Service.exe (the tilde ~ stands for more letters) Please wait for the outcome of that file and let me know the result in your reply.

Install Ewido Security Suite.
  • Install Ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
    • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

Launch Ewido, there should be an icon on your desktop, double-click it.
  • The programme will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK.
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop and include it in your reply.
Now close Ewido security suite.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O2 - BHO: Bho - {F7958756-4CA2-48bd-B8D4-EA1F970C3B72} - C:\WINDOWS\system32\skbadyyi.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Please install Killbox by Option^Explicit.
  • Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
  • In the Killbox programme, select the Delete on Reboot option.
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\skbadyyi.dll
C:\WINDOWS\ALCXMNTR.EXE
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Go to Options > Delete on Reboot > Process ALL in list
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Post back a fresh HijackThis log (from normal mode) and I will take another look. (2 logs and a file scan report).
  • 0

#3
Jefff
Posted 30 November 2005 - 11:31 PM

Jefff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I just went through all of the instructions you gave me and it appears like the Morwillsearch problem is gone. I really appreciate your help on this problem!!!

Here are the reports that you asked for. The first one is the Kaspersky scan on "C:\PROGRAM~1\MSTARW~1\Service.exe". This file is actually MSTAR's WebSentinel which is an internet filter that I am using.

Thanks again for you help,
Jeff



Kaspersky File Scanner
You're clean!
Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.
However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.
• Download a trial version of Kaspersky Anti-Virus
• Purchase Kaspersky Anti-Virus in our E-Store
• Purchase Kaspersky Anti-Virus from a certified partner

Scanned file: Service.exe
Service.exe - OK
Statistics:
Known viruses: 162519 Updated: 01-12-2005
File size (Kb): 920 Virus bodies: 0
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:25:19 PM, 11/30/2005
+ Report-Checksum: 4E642890

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKU\S-1-5-21-3038601130-2682263415-2070977642-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-3038601130-2682263415-2070977642-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-3038601130-2682263415-2070977642-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\linkbho -> Spyware.SpywareWall : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\3yg869ob\3yg869ob.dll.tcf -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Common Files\jjddlaed\hlrpftnf\natlntjl.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\jjddlaed\jpnpdlabnl\ectanhlpp.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20040830224807375.zip/PROGRA~1/MYTOTA~1/bar/1.bin/mtsoestb.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs -> Trojan.Qhost.ew : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc107.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc143.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc1550\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc176.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc177.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc178.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc179.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc18.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc180.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc181.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc182.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc183.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc184.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc185.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc186.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc187.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc188.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc189.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc190.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc191.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc192.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc193.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc194.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc195.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc196.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc197.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc198.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc199.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc200.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc201.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc202.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc203.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc204.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc205.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc206.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc207.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc208.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc209.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc210.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc211.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc212.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc213.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc214.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc215.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc216.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc217.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc218.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc296.txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc363.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc422.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc44.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc456.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc48.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc51.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc551.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc552.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc658.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc718.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc719.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc824.fr43F0 -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc825.fr46A6 -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc826.fr53D0 -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc829.fr74E4 -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc841.frC679 -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-3851632428-1500968827-3464092083-1003\Dc899.fr0A1A -> Spyware.IBIS : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll.tcf -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiggajsloawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlikkdzgdqqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\jkhfd.dll -> Trojan.Crypt.o : Cleaned with backup


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 9:35:01 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\MSTARW~1\Service.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: UserFinder.lnk = C:\Program Files\MSTAR Web Sentinel\UserFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Web Filter Service - LogiSense Corporation - C:\PROGRA~1\MSTARW~1\Service.exe
  • 0

#4
Jefff
Posted 01 December 2005 - 12:03 AM

Jefff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I forgot to mention in my last reply that I will send you a donation through PayPal.

Thanks again,
Jeff
  • 0

#5
Crustyoldbloke
Posted 01 December 2005 - 03:00 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Congratulations! your new log is clean. :tazz: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programmes for “on demand” scanning, having two or more antivirus systems is not recommended as they may well interfere with each other.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :)

Thank you for your generosity and I wish you happy safe surfing!
  • 0

#6
Crustyoldbloke
Posted 11 December 2005 - 11:59 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP