Vundo/Vturo help... Hijack This Log enclosed!


13 replies to this topic

#1 Zincdust


Posted 09 April 2006 - 12:45 PM

Hey gang,
So, my wife recently discovered MySpace, and it may be where we got the Vundo problem. I downloaded and ran VundoFix, and it seemed to clear up the problem, but then today Norton's popped up and said that we had an infected file that could not be repaired or deleted: C:\WINDOWS\system32\vturo.dll
Can anyone advise? Here is the Hijack This! log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:37 AM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\The R Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142808952000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks a million! :D



#2 Susan528


Posted 09 April 2006 - 04:10 PM

Hello Zincdust and Welcome to TomCoyote,

Please do the following:

STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.


STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Update Your Java
Update your Java to the latest version.
  • Uninstall any and all versions you have listed in add/remove programs
  • Install the latest version from here: http://www.java.com/en/

Please set your system to show all files; please see here if you're unsure how to do this.

Scan with HijackThis. Place a check against each of the following:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Empty Recycle Bin
Reboot

Please post the results from SpySweeper, ewido and a new hijackthis log.

#3 Zincdust


Posted 10 April 2006 - 10:24 AM

Good morning Susan!
Thank you so much for the help. Here's what I have for you:
I downloaded and ran SpySweeper, and it went off without a hitch. I have the results below.
I then downloaded and ran Ewido. It did the system scan without a problem. It stated that it came up with 57.011 infections. When it started to clean the infections, it got to 6014 cleaned, and then it froze up. It would unfreeze after anywhere between 45 seconds and five minutes, clean about 1500 to 2000 more infections, and then freeze up again. So I let it run all night. When I got up this morning, it was frozen at 17972 infections cleaned. I let it sit for an hour, but it didn't budge. I noted the file it was stuck at:
:mozilla.166:C:\RECYCLER\NPROTECT\00260899.MOZ
and then used Windows Task Manager to end the program. Now when I try to start Ewido, WTM says that it is Not Responding right off the bat. So I'm not for sure if something is interfering with it. Is this something that I should be concerned about? Oh, I also forgot to mention that my PC is running very slowly since the freeze on Ewido took place.
Anyway, I replaced Java, fixed the suggested files in Hijack This, emptied the recycle bin and rebooted. Here are my SpySweeper and new HJT logs:

Spysweeper:


Hijack This!:
Logfile of HijackThis v1.99.1
Scan saved at 9:04:55 AM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\The R Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142808952000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again for the help! :)

#4 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 10 April 2006 - 12:09 PM

Since ewido will not run, let's try these scans.

STEP 1.
======
Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP 2
======
A2 Free

Since ewido will not run now, please do the following:

You will have to register name and email address but this is free too.
Download A2 and run. Post the results please.


STEP 3
======
I like to use Kaspersky too. It will not clean everything but the information is useful for seeing what needs to be cleaned.
Now run this online scan using Internet Explorer:
Kaspersky WebScanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
          • Standard
      • Scan Options:
          • Scan Archives
          • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information from Kaspersky in your next post.

So please post the results from A2 and Kaspersky.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#5 Zincdust

Posted 10 April 2006 - 03:57 PM

Hi Susan! Here are the results from A-Squared (I didn't know if I should remove these objects or not, so I left the window open until you could advise):

a-squared Report
Scan started: 4/10/2006 11:27:37 AM
Scan finished: 4/10/2006 12:26:13 PM
Scan duration: 0h 58min 36sec
Scanned files: 162070
Infected files: 25

Object Diagnosis
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{08994120-0128-11d7-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{1BDE76E1-F7D4-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{1F56FAA1-FC9C-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{39D5D0C0-FE24-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{59AA8DC1-429C-11d7-935D-000AE6309654} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{633D36C0-F7AC-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{76DFA7C0-011C-11d7-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{7F721C21-0099-11d7-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{816527E0-F638-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{846B4D01-F248-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{9355CA61-FD5C-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{9614B841-F264-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{991693C1-428B-11d7-935D-000AE6309654} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{A05349C1-F575-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{A5EE3BC0-F24F-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{A5EE3BC1-F24F-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{A5EE3BC2-F24F-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{A5EE3BC3-F24F-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{BCDF5160-0137-11d7-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{C9ECD301-2937-11d7-935D-000AE6309654} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{CA749FA0-FADF-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{F53C3720-2947-11d7-935D-000AE6309654} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Panicware\XA\{FA849862-F244-11d6-8EEF-000347F103DC} --> Path Trace.Registry.Pop-Up Stopper
Value: HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\Internet --> UseRWHlinkNavigation Trace.Registry.SideStep IE SideBar
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe Adware.BackWeb.a

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 10, 2006 2:48:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 10/04/2006
Kaspersky Anti-Virus database records: 176065
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 139976
Number of viruses found: 10
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 02:06:09

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18BA6D2F.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B431EAC.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20FA2264.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20FE4C60.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22BC661A.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C0079B4.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CED42F0.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E72D5.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B984310.cla Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.cla Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448E0350.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\496B267F.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D536C43.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71301E05.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\739B6682.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75417D3C.cla Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77891E14.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx/[From eBay <custservice_ref_2851261850005@ebay.com>][Date Mon, 10 Feb 2003 21:59:12 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx/[From eBay <custservice_ref_2851261850005@ebay.com>][Date Mon, 10 Feb 2003 21:59:12 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx/[From eBay Inc <custservice_id_735962998@ebay.com>][Date Sat, 17 Dec 2005 17:17:23 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx/[From eBay Inc <custservice_id_735962998@ebay.com>][Date Sat, 17 Dec 2005 17:17:23 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx Mail MS Outlook 5: infected - 2 skipped

Scan process completed.

#6 Susan528

Posted 10 April 2006 - 05:02 PM

I would leave the A2 results alone and don't remove those. I will study the other results and get back to you.

#7 Zincdust

Posted 10 April 2006 - 06:27 PM

Sounds great, Susan! Looking forward to hearing from you again. Thanks again for the help! :thumbup:

#8 Susan528

Posted 11 April 2006 - 01:03 PM

Hello Zincdust,

You need to delete the infected emails from your MS Outlook Express.

You may need to compact the folders first.
In OE check out the menu item > File > Folder > Compact

In MS Outlook Right click the main file - normally called 'outlook today' > Properties > General Tab > Advanced > Compact Now.

Now use this list from Kaspersky to identify the infected files.
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx/[From eBay <custservice_ref_2851261850005@ebay.com>][Date Mon, 10 Feb 2003 21:59:12 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx/[From eBay <custservice_ref_2851261850005@ebay.com>][Date Mon, 10 Feb 2003 21:59:12 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Companies.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx/[From eBay Inc <custservice_id_735962998@ebay.com>][Date Sat, 17 Dec 2005 17:17:23 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx/[From eBay Inc v<custservice_id_735962998@ebay.com>][Date Sat, 17 Dec 2005 17:17:23 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}\Microsoft\Outlook Express\Off-eBay Activity.dbx Mail MS Outlook 5: infected - 2 skipped


Please run Kaspersky again to make sure you deleted them all.

Please post back with another Kaspersky log.

#9 Zincdust

Posted 12 April 2006 - 10:39 AM

Hi Susan! Thanks again for the help. Here are the results from the most recent Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 12, 2006 9:29:42 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 12/04/2006
Kaspersky Anti-Virus database records: 176334
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 126502
Number of viruses found: 9
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:48:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18BA6D2F.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B431EAC.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20FA2264.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20FE4C60.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22BC661A.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C0079B4.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CED42F0.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E72D5.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B984310.cla Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B9C6D0D.zip CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.cla Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BAC3EFB.zip CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448E0350.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\496B267F.tmp Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D536C43.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71301E05.tmp Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\739B6682.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75417D3C.cla Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77891E14.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F475532.zip CryptFF: infected - 4 skipped

Scan process completed.
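
The check asked for in posts #8 and #9 (pick the infected e-mails out of the Kaspersky list, then rescan and confirm they are gone) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the sample input is a short excerpt of lines from the two reports above, not the full logs.

```python
import re

# Path prefixes exactly as they appear in the reports posted in this thread.
QUARANTINE = (r"C:\Documents and Settings\All Users\Application Data"
              r"\Symantec\Norton AntiVirus\Quarantine" + "\\")
OE_STORE = (r"C:\Documents and Settings\Owner\Local Settings\Application Data"
            r"\Identities\{FD25AF82-E85C-427E-B407-2883BF49331D}"
            r"\Microsoft\Outlook Express" + "\\")
MAIL_1 = ("Companies.dbx/[From eBay <custservice_ref_2851261850005@ebay.com>]"
          "[Date Mon, 10 Feb 2003 21:59:12 +0500]/UNNAMED")
MAIL_2 = ("Off-eBay Activity.dbx/[From eBay Inc <custservice_id_735962998@ebay.com>]"
          "[Date Sat, 17 Dec 2005 17:17:23 +0500]/UNNAMED")
BAYFRAUD = " Infected: Trojan-Spy.HTML.Bayfraud.hn skipped"

# Excerpt only: three lines present in both scans, then the mail lines
# that appear in the first scan alone.
COMMON = [
    QUARANTINE + "1B431EAC.htm Infected: Exploit.HTML.Mht skipped",
    QUARANTINE + "7F475532.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped",
    QUARANTINE + "7F475532.zip ZIP: infected - 4 skipped",
]
FIRST_SCAN = "\n".join(COMMON + [
    OE_STORE + MAIL_1 + "/html" + BAYFRAUD,
    OE_STORE + MAIL_1 + BAYFRAUD,
    OE_STORE + "Companies.dbx Mail MS Outlook 5: infected - 2 skipped",
    OE_STORE + MAIL_2 + "/html" + BAYFRAUD,
    OE_STORE + MAIL_2 + BAYFRAUD,
    OE_STORE + "Off-eBay Activity.dbx Mail MS Outlook 5: infected - 2 skipped",
])
RESCAN = "\n".join(COMMON)

# "<object> Infected: <verdict> <last action>"
DETECTION = re.compile(r"^(?P<object>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# "<folder>.dbx/[From <sender>][Date <date>]" inside an Outlook Express store path
MAIL_PART = re.compile(
    r"\\(?P<folder>[^\\]+\.dbx)/\[From (?P<sender>.+?)\]\[Date (?P<date>.+?)\]")


def parse_report(text):
    """Return one dict per 'Infected:' line, grouped by where the object lives."""
    detections = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # header, statistics, or an "infected - N" container summary
        entry = {"object": m["object"], "verdict": m["verdict"], "action": m["action"]}
        mail = MAIL_PART.search(entry["object"])
        if mail:
            entry.update(where="mail", **mail.groupdict())
        elif "\\quarantine\\" in entry["object"].lower():
            entry["where"] = "quarantine"  # grouping is by path only
        else:
            entry["where"] = "filesystem"
        detections.append(entry)
    return detections


def infected_mails(detections):
    """One tuple per e-mail; the scanner lists each message as /UNNAMED and /UNNAMED/html."""
    seen = {}
    for d in detections:
        if d["where"] == "mail":
            seen.setdefault((d["folder"], d["sender"], d["date"]), d["verdict"])
    return [key + (verdict,) for key, verdict in seen.items()]


def compare_scans(before, after):
    """Split detections into cleared, still present, and new in the rescan."""
    before_objs = {d["object"] for d in before}
    after_objs = {d["object"] for d in after}
    cleared = [d for d in before if d["object"] not in after_objs]
    remaining = [d for d in before if d["object"] in after_objs]
    new = [d for d in after if d["object"] not in before_objs]
    return cleared, remaining, new


if __name__ == "__main__":
    first, second = parse_report(FIRST_SCAN), parse_report(RESCAN)
    print("E-mails to delete in Outlook Express:")
    for folder, sender, date, verdict in infected_mails(first):
        print(f"  folder {folder!r}: from {sender}, {date} ({verdict})")
    cleared, remaining, new = compare_scans(first, second)
    print(f"cleared: {len(cleared)}, remaining: {len(remaining)}, new: {len(new)}")
    for d in remaining:
        print(f"  still reported ({d['where']}): {d['object']}")
```

To run it on real output, pass the text saved with the scanner's Save as Text button to `parse_report`.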

#10 Zincdust

Posted 13 April 2006 - 08:54 PM

Bumpity. :D :thumbup:

#11 Susan528

Posted 14 April 2006 - 04:42 AM

Just post one more HijackThis and let me make sure nothing has changed please.

#12 Zincdust

Posted 15 April 2006 - 12:26 AM

Can do!

Logfile of HijackThis v1.99.1
Scan saved at 11:17:23 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\The R Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142808952000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13 Susan528

Posted 15 April 2006 - 04:18 AM

Hello Zincdust,

Congratulations! :) Your HijackThis log appears to be clean and the infected files found by Kaspersky are in Quarantine.


So please do the final steps:

STEP 1.
======
Cleanmgr
To clean temporary files:
  • Go > start > run and type cleanmgr and click OK
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.
STEP 2. (Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.
======
System Restore for Windows XP

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malware...39eba6ea0b5e8ee

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • More info on how to prevent malware you can also find here (By Tony Klein)
    and here: http://wiki.castleco...nt_Re-infection
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan
Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.
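One way to double-check a "clean" verdict on a follow-up scan, as an added example that is not code from this thread or from HijackThis: parse two HijackThis logs, list the entries that changed between scans, and confirm that nothing still references the file the antivirus flagged. The `BEFORE` entry naming `vturo.dll` is constructed for illustration; the other sample lines are copied from the log posted above.

```python
import re

# A log entry is a section code ("R1", "O2", "O20", ...) + " - " + detail.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def referencing(entries, filename):
    """Entries whose detail mentions filename (case-insensitive, as on Windows)."""
    needle = filename.lower()
    return sorted(e for e in entries if needle in e[1].lower())

def compare(before, after):
    """Return (removed, added): entries that disappeared or appeared between scans."""
    b, a = parse_log(before), parse_log(after)
    return sorted(b - a), sorted(a - b)

# Constructed "before" scan: the vturo.dll entry is a made-up sample line.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: example - C:\WINDOWS\system32\vturo.dll
"""

# "After" scan: lines taken from the 4/14/2006 log in this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    removed, added = compare(BEFORE, AFTER)
    print("removed:", removed)
    print("added:  ", added)
    print("still referencing vturo.dll:", referencing(parse_log(AFTER), "vturo.dll"))
```

Entries that appear only in the later scan still need a manual look; a diff shows what changed, not whether the change is benign.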

#14 Zincdust

Posted 15 April 2006 - 09:51 AM

Thank you so much for your help, Susan! :D :thumbup: :wavey:
