Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page 'blackworm'/popup troubles (am i good to go?)
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 04-06-2006, 04:58 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 16
OS: xp


EEK! 'blackworm'/popup troubles (am i good to go?)
hello all,

had a lot of popups recently telling me i'm infected with the blackworm virus and telling me to download winantivirus pro (which of course i didn't) I've been running spybot/adaware/zonealarm/spysweeper as well as my antivirus software.

i ran a vundofix and haven't had any problems recently, but just wondered if someone could take a look at my HJT log and give me the all clear.

here's the vundofix log and HJT log.....

VundoFix V4.2.45

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.4

Scan started at 20:37:05 03/04/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2

C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\ssttu.dll
Attempting to delete C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!



so the HJT now reads....................

Logfile of HijackThis v1.99.1
Scan saved at 20:42:17, on 03/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\WinTV\Ir.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\Upsmon\Upsag_nt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: Download all with iGetter - C:\Program Files\iGetter\Integration\igetall.html
O8 - Extra context menu item: Download with iGetter - C:\Program Files\iGetter\Integration\iget.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{04FC589F-E626-4F0B-B921-DCD5921EC655}: NameServer = 212.67.96.129 212.67.120.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\PROGRA~1\Upsmon\Upsag_nt.exe

am i good to go now?
#coin-op# is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 04-06-2006, 06:32 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,611
OS: 2000 Pro; XP Pro; XP Home


Looks like you got it, but there may be other files remaining. There's a bit more work to do:

We need to update your Java as it is out of date. The older version is most likely the cause of your infection, and it needs to be updated so that you do not contract this infection again.

Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It may have a coffee cup icon next to it.
    Select it and click Remove.
  • Then Download and install the newest version from here:
    http://www.java.com/en/download/manual.jsp

---------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

It also appears that you may have McAfee installed alongside Avast. 2 AVs on one system can cause conflicts.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 04-06-2006 at 06:34 PM.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2006, 06:48 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 16
OS: xp


thanks for the help man. this thing was starting to get me down

followed your steps and updated the java and ran the online scan.

here are the results:

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ANT\Cookies\ant@ad.yieldmanager[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ANT\Cookies\ant@realmedia[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\ANT\Cookies\ant@xmts[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.com.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.revenue.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[server.iad.liveperson.net/hc/73465159]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[www48.seeq.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[73465159]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ANT\Cookies\ant@ad.yieldmanager[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ANT\Cookies\ant@realmedia[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\ANT\Cookies\ant@xmts[1].txt
Virus:Trj/ShellHook.R Disinfected C:\WINDOWS\system32\vturp.dll


i think most of those i usually get rid of with ad aware and spybot. but since i got htis new thing, i've ben reluctant to do anything without proper advice for fear of making things worse

as for mcAfee and avast: i used to run mcAfee before i changed to avast. think something went wrong with the uninstall because i've noticed a few references to it on my pc before. ran a clean up tool to get rid of the remaining files which i got from the mcAfee site a while ago which got rid of the pesky 'NT On Access scanner' which kept freezing up my system but obviously all trace of the program hasnt been removed still.

next step?
#coin-op# is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2006, 08:44 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,611
OS: 2000 Pro; XP Pro; XP Home


Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------
  • Double click on HijackThis.exe to run it.
  • Click on Open the Misc Tools section
  • click the button labelled "Delete A File on Reboot..."
  • In the dialogue that shows up, enter the path (type, or copy and paste) of the file in "file name:" field C:\WINDOWS\system32\vturp.dll
  • When you have selected the file, Click the "Open" Button
  • Click yes at the next prompt and your system will reboot.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Run this online scan:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here, along with the results from Kaspersky and Ewido.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2006, 02:30 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 16
OS: xp


ok, done all those things. the kaspersky scan came back as clean and so offered no log file, but here are the other two:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:37:51, 10/04/2006
+ Report-Checksum: 22049CED

+ Scan result:

:mozilla.30:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.36:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.37:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.38:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.39:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.40:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.85:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.86:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.88:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.89:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.119:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.120:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.121:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.122:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.131:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.132:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.135:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.138:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.139:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.140:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.148:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.182:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.187:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.188:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.235:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.236:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.237:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.238:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.239:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.240:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.258:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.285:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.300:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.305:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.327:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.328:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.329:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.330:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.331:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.332:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.333:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.334:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.382:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.449:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.450:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.513:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.514:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.516:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.529:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.530:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.531:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.535:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.536:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.537:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.538:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.542:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.598:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.601:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.602:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.603:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.604:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.605:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.606:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.607:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.608:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.609:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.610:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.611:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.612:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.613:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.614:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.615:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.616:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.617:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.618:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.619:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.622:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.623:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.649:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.650:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.651:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.652:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.653:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.654:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.655:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.656:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.657:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.658:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.659:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.660:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.661:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.663:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.690:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.691:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.692:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.693:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.707:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.716:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.717:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.734:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.735:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.736:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.737:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.788:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.793:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.794:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.795:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.796:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.798:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.799:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.800:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.801:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.803:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.804:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.805:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.806:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.807:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.864:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.865:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.866:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.867:C:\Documents and Settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup


::Report End



and the new HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 21:29:54, on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Upsmon\Upsag_nt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O8 - Extra context menu item: Convert To Image - C:\Program Files\HTML To Image Wizard Trial\html2image.htm
O8 - Extra context menu item: Download all with iGetter - C:\Program Files\iGetter\Integration\igetall.html
O8 - Extra context menu item: Download with iGetter - C:\Program Files\iGetter\Integration\iget.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FC589F-E626-4F0B-B921-DCD5921EC655}: NameServer = 212.67.96.129 212.67.120.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FC589F-E626-4F0B-B921-DCD5921EC655}: NameServer = 212.67.96.129 212.67.120.148
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\PROGRA~1\Upsmon\Upsag_nt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks again for your help, it's much appreciated.
#coin-op# is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-10-2006, 06:35 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,611
OS: 2000 Pro; XP Pro; XP Home


Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Please ensure that you have already patched your system against the recent WMF exploit.
Go to this page to get the KB912919 patch.

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!

  • AVG

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-11-2006, 03:46 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 16
OS: xp


a million thank you's.

expect a donation asap

: )
#coin-op# is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 08:33 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85