jslong17 Posted October 31, 2007

I've done a full scan with CWShredder, CCleaner, AVG Free, Spybot S&D, and SysClean as well as HJT. I just need some help to see if there are any other problems hiding on the drive.

Thanks, Joey

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:00 AM, on 10/26/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\sysclean.com
C:\Documents and Settings\Owner\Desktop\sysclean.exe
E:\Spybot - Search & Destroy\SpybotSD.exe
E:\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
E:\CCleaner\CCleaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: 0 - {00FE8D32-9AFD-4853-25AC-A0C91F2FD991} - C:\Program Files\MSN Gaming Zone\qudasulu189.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll
O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rtemehdofse.html

mikex Posted October 31, 2007

An admin will move this post to the Malware section of Besttechie. Once they have you all clean please feel free to post back to the PC Support area for any issues you have that are not malware related.

Mike

Andro1d Posted November 1, 2007

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Step 1
- Download Deckard's System Scanner (DSS) to your Desktop.
- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Step 2
Please do an online scan with Kaspersky WebScanner
- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.

jslong17 Posted November 5, 2007

Ok, I downloaded the programs and ran them, not having any more problems, took a few scans but I think I finally got the little buggers.

jslong17 Posted November 5, 2007

Thank you to all who helped me, and sorry I posted on the wrong board the first go around.

Andro1d Posted November 5, 2007

Could you please post the log just to be sure you are clean.

jslong17 Posted November 7, 2007

I will post the extra.txt log file on request

Deckard's System Scanner v20071014.68
Run by Owner on 2007-11-07 08:01:01
Computer is in Safe Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:04 AM, on 11/7/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
G:\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: 0 - {00FE8D32-9AFD-4853-25AC-A0C91F2FD991} - C:\Program Files\MSN Gaming Zone\qudasulu189.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\ywtwxcpc.dll",sitypnow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [iSMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ksdsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwintldt.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6988 bytes

-- Files created between 2007-10-07 and 2007-11-07 -----------------------------

2007-11-06 08:31:27 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-11-05 11:21:10 3308 --a------ C:\WINDOWS\System32\tmp.reg
2007-11-02 14:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 10:35:30 0 d-------- C:\Program Files\Alwil Software
2007-10-30 12:53:08 0 dr-h----- C:\$VAULT$.AVG
2007-10-30 09:57:15 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-10-30 09:56:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-30 09:56:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-24 10:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-24 07:08:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-22 16:03:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-22 15:59:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-22 15:59:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-22 15:59:34 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-22 15:59:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-22 15:59:34 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-22 15:59:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-22 15:59:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-22 15:59:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-10-22 15:59:33 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-22 15:59:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-22 15:59:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-22 15:59:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-22 15:59:32 843776 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-18 17:14:56 0 d-------- C:\WINDOWS\pss

-- Find3M Report ---------------------------------------------------------------

2007-11-05 09:09:58 0 d-------- C:\Program Files\support.com
2007-11-02 14:18:53 0 d-------- C:\Program Files\Common Files
2007-11-02 10:50:24 0 d-------- C:\Program Files\Messenger
2007-10-30 12:53:10 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-03 17:47:03 1499169 --ahs---- C:\WINDOWS\System32\kjkkj.bak2
2007-09-15 23:31:57 0 --a------ C:\WINDOWS\System32\kernel32.exe
2007-09-15 16:48:50 6448 --ahs---- C:\WINDOWS\System32\kjkkj.bak1

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00FE8D32-9AFD-4853-25AC-A0C91F2FD991}] C:\Program Files\MSN Gaming Zone\qudasulu189.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}] C:\Program Files\ISM\BndDrive4.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9C833ED-A67A-4690-9F27-A59B935A7CDA}] C:\Program Files\Messenger\meroze83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [05/03/2002 07:06 PM C:\WINDOWS\system32\nwiz.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [05/09/2002 01:01 AM]
"DDCM"="C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" [06/08/2002 03:18 AM]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 03:20 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [12/19/2001 01:39 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/15/2002 05:29 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 06:39 PM]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [02/27/2002 08:28 PM]
"NAV Agent"="c:\PROGRA~1\NORTON~1\navapw32.exe" [02/27/2002 08:27 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [05/22/2002 01:28 AM]
"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [01/26/2002 03:05 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/25/2004 02:32 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/23/2005 11:08 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [10/18/2005 02:33 PM]
"SearchIndexer"="C:\WINDOWS\System32\ywtwxcpc.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [10/25/2007 11:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 07:34 PM]
"ISMModule4"="C:\Program Files\ISM\ISMModule4.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttuuv] awttuuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\jkkjk

-- End of Deckard's System Scanner: finished at 2007-11-07 08:01:25 ------------

Andro1d Posted November 8, 2007 (edited)

Hi,

I am sorry to say that you are not completely clean, so please do the following.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\ywtwxcpc.dll",sitypnow
O4 - HKCU\..\Run: [iSMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ksdsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwintldt.exe
O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please enter Safe Mode by using the Arrow Keys and then hit Enter.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):
ISM
Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\ISM

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\WINDOWS\system32\ksdsrngl.exe
C:\WINDOWS\system32\mwintldt.exe
C:\WINDOWS\System32\ywtwxcpc.dl

After that, Reboot to Normal Mode.

Step 2
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs: On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to. Such as, Online Scans and scanners that run on your machine but are not actively scanning your machine.

You are using three Antivirus Programs: Norton AntiVirus, AVG7, avast!. I would suggest you remove them all, except for AVG7 unless you have a paid subscription for Norton still active.

Step 3
Please do an online scan with Kaspersky WebScanner
- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.

Edited November 8, 2007 by MoNsTeReNeRgY22

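What changed between the 2007-10-26 and 2007-11-07 HijackThis logs posted above can be listed mechanically. The Python below is an added example, not part of the original posts: the function names are hypothetical, and the sample lines are excerpts copied from the two logs in this thread.

```python
import re
from collections import namedtuple

# Excerpts from the two HijackThis logs posted in this thread (shortened).
LOG_2007_10_26 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ps2.exe
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll
O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)
"""

LOG_2007_11_07 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\notepad.exe
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: (no name) - {A9C833ED-A67A-4690-9F27-A59B935A7CDA} - C:\Program Files\Messenger\meroze83122.dll (file missing)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\ywtwxcpc.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [iSMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\ksdsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\mwintldt.exe
O20 - Winlogon Notify: awttuuv - awttuuv.dll (file missing)
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
# The running-process list ("C:\...") and the header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

Entry = namedtuple("Entry", "code body missing")


def parse_entries(log_text):
    """Map a case-insensitive key to each entry found in a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            # Strip the marker so the same entry compares equal across scans.
            body = body[: -len(MISSING)].rstrip()
        # Windows paths and registry names are case-insensitive.
        key = (m.group("code"), body.lower())
        entries[key] = Entry(m.group("code"), body, missing)
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed, newly_missing) entry lists between two scans."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = [e for k, e in new.items() if k not in old]
    removed = [e for k, e in old.items() if k not in new]
    newly_missing = [
        e for k, e in new.items()
        if k in old and e.missing and not old[k].missing
    ]
    return added, removed, newly_missing


def report(old_text, new_text):
    """Build a short text report of what changed between two scans."""
    added, removed, newly_missing = diff_logs(old_text, new_text)
    lines = []
    for label, group in (("NEW", added), ("GONE", removed),
                         ("FILE NOW MISSING", newly_missing)):
        lines.extend(f"{label}: {e.code} - {e.body}" for e in group)
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_2007_10_26, LOG_2007_11_07)))
```
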
jslong17 Posted November 9, 2007

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 09, 2007 2:41:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/11/2007
Kaspersky Anti-Virus database records: 455400
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\

Scan Statistics:
Total number of scanned objects: 73394
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:19:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Owner\triggers.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\New Folder\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF1652.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\hp center\137903\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\hp
center\137903\Users\Default\Data\L0000072.FCS Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\main.log Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs.idx Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_die.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_die.idx Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_dnd.idx Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_ext.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_ext.idx Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\prs_rcv.idx Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\storydb.dat Object is locked skippedC:\Program Files\hp center\137903\Users\Default\Data\storydb.idx Object is locked skippedC:\RECYCLER\S-1-5-21-1493418154-1974565712-2106517767-1003\Dc1.html Infected: Trojan-Clicker.HTML.IFrame.dn skippedC:\WINDOWS\Debug\PASSWD.LOG Object is locked skippedC:\WINDOWS\SchedLgU.Txt Object is locked skippedC:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skippedC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skippedC:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skippedC:\WINDOWS\SoftwareDistribution\EventCache\{8E904BF0-20C9-4C3E-84AB-44454AF01CF8}.bin Object is locked skippedC:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skippedC:\WINDOWS\Sti_Trace.log Object is locked skippedC:\WINDOWS\system32\config\Antivirus.Evt Object is locked 
skippedC:\WINDOWS\system32\config\AppEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\default Object is locked skippedC:\WINDOWS\system32\config\default.LOG Object is locked skippedC:\WINDOWS\system32\config\SAM Object is locked skippedC:\WINDOWS\system32\config\SAM.LOG Object is locked skippedC:\WINDOWS\system32\config\SecEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\SECURITY Object is locked skippedC:\WINDOWS\system32\config\SECURITY.LOG Object is locked skippedC:\WINDOWS\system32\config\software Object is locked skippedC:\WINDOWS\system32\config\software.LOG Object is locked skippedC:\WINDOWS\system32\config\SysEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\system Object is locked skippedC:\WINDOWS\system32\config\system.LOG Object is locked skippedC:\WINDOWS\system32\h323log.txt Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skippedC:\WINDOWS\Temp\Perflib_Perfdata_468.dat Object is locked skippedC:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skippedC:\WINDOWS\wiadebug.log Object is locked skippedC:\WINDOWS\wiaservc.log Object is locked skippedC:\WINDOWS\WindowsUpdate.log Object is locked skippedScan process completed. Link to post Share on other sites
Andro1d Posted November 10, 2007

Nice job, your log looks clean! How is it running?

Please use the following suggestion to help prevent reinfection.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

- Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
- Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
- Click the "Download" button to the right.
- Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

Now we need to make a new System Restore Point for your PC, please do the following:

- Click Start, Settings, Control Panel
- Double-click the System icon
- Click the Performance tab, File System, Troubleshooting tab
- Check "Turn off System Restore" and click "Apply". Please give it a moment as it will delete the old System Restore points
- Then uncheck "Turn off System Restore" which will create a new System Restore point
- Click OK

I highly recommend downloading the following programs, to keep malware off your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

- SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.
- SpywareBlaster - Great prevention tool to keep malware from installing on your system. **Tutorial on installing & using this product can be found HERE**
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. **Tutorial on installing & using this product can be found HERE**
- IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. **Tutorial on installing & using this product can be found HERE**
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.
- Antivirus Program - An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir. DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.
- Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost. **Tutorial on Firewalls can be found HERE**
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications. It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing
jslong17 Posted November 12, 2007

Thank you, you have been a tremendous help. I am updating everything now, and it is still running smoothly. (I know not to run more than one AV, but I had to run both to get many viruses off this system; every time I used a new program I would find 5 to 10 more viruses.) Thank you for your help again.
Andro1d Posted November 12, 2007

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.