Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't get rid of Spyware/Malware/Popups - HighJack Log Included

Started by TheAccuser , Apr 10 2006 04:38 AM

  • This topic is locked This topic is locked
10 replies to this topic

#1 TheAccuser

TheAccuser

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 10 April 2006 - 04:38 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:31:10 AM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINMC\System32\smss.exe
C:\WINMC\system32\winlogon.exe
C:\WINMC\system32\services.exe
C:\WINMC\system32\lsass.exe
C:\WINMC\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINMC\System32\svchost.exe
C:\WINMC\system32\spoolsv.exe
C:\WINMC\system32\netdde.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINMC\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINMC\eHome\ehRecvr.exe
C:\WINMC\eHome\ehSched.exe
C:\WINMC\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINMC\ehome\RMSvc.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\wbem\wmiapsrv.exe
C:\WINMC\System32\dmadmin.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\dllhost.exe
C:\WINMC\Explorer.EXE
C:\WINMC\system32\RUNDLL32.EXE
C:\WINMC\system32\hphmon04.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINMC\ehome\RMSysTry.exe
C:\Program Files\MCE\MCEVideoEncoder\MCEVideoEncoder.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Desktop\hijackthis\HijackThis.exe
C:\WINMC\system32\cidaemon.exe
C:\WINMC\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINMC\system32\mudak.exe
F2 - REG:system.ini: UserInit=C:\WINMC\SYSTEM32\Userinit.exe,xqkdvnr.exe
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINMC\system32\nsa174.dll
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINMC\system32\ngsh35.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINMC\system32\irsmsqwc.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMC\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMC\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\WINMC\system32\hphmon04.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: MCEVideoEncoder.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINMC\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Tim Lastoria.OFFICEPC\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINMC\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINMC\system32\dmonwv.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINMC\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINMC\system32\shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINMC\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142219215765
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futur...lobal/msc37.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINMC\system32\BTXPPanel.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: NavLogon - C:\WINMC\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINMC\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

    Advertisements

Register to Remove

#2 TheAccuser

TheAccuser

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 11 April 2006 - 10:56 PM

BUMP

#3 TheAccuser

TheAccuser

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 12 April 2006 - 05:15 PM

Did I not post in the right area? I'm not sure why I am not getting a response.

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 April 2006 - 11:49 AM

TheAccuser :D

Welcome to the Tom Coyote Forum, sorry about the delay but the logs are many and us volunteers are few, plus the fact that when we search for logs, we look for ones with zero replies and by you replying to yourself , you took yourself out of that catagory.



Open HJT Scan Only, close your browser and all open windows, put checkmark in these entries and click on Fix Checked.


F2 - REG:system.ini: Shell=Explorer.exe, C:\WINMC\system32\mudak.exe
F2 - REG:system.ini: UserInit=C:\WINMC\SYSTEM32\Userinit.exe,xqkdvnr.exe

O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINMC\system32\ngsh35.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINMC\system32\nsa174.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINMC\system32\irsmsqwc.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINMC\system32\dmonwv.dll

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab





Download and install Ewido Anti-Malware
Ewido Anti-Malware
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Dont run it yet


Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD


Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.



Still in Safemode, look for and delete the following files by right clicking on Start and then clicking on EXPLORE and navigate to the following directory.

C:\WINMC\system32\dmonwv.dll
C:\WINMC\system32\irsmsqwc.dll
C:\WINMC\system32\mudak.exe
C:\WINMC\system32\ngsh35.dll
C:\WINMC\system32\nsa174.dll

xqkdvnr.exe <-- this one you will have to search for.


Reboot normally



Download and Install CCleaner
* Click on Run Cleaner

Tutorial for CCleaner



Post back with the Ewido Report and a new HJT log.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 TheAccuser

TheAccuser

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 15 April 2006 - 08:44 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:17:54 PM, 4/15/2006
+ Report-Checksum: 743DFAEC

+ Scan result:

HKU\S-1-5-21-299502267-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{279A1B41-6CAC-4ABF-B39C-72C8E489F685} -> Adware.AdBlaster : Cleaned with backup
HKU\S-1-5-21-299502267-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
[948] C:\WINMC\system32\cslvcqd.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@amazonbebe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wfkogidjmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wfliehcjidq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wjl4amczgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wjlycod5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wjnyaiazmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wjnyelc5kgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@e-2dj6wjnyqmcjwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Dina Turchek\Cookies\dina turchek@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Tim Lastoria\Cookies\tim lastoria@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Cookies\tim lastoria@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Desktop\hijackthis\backups\backup-20060415-172426-257.dll -> Adware.AdBlaster : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Desktop\hijackthis\backups\backup-20060415-172426-458.dll -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Local Settings\Temporary Internet Files\Content.IE5\8H23GPEN\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1085031214-1123561945-725345543-1003\Dc10.dll -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\S-1-5-21-1085031214-1123561945-725345543-1003\Dc9.dll -> Adware.Look2Me : Cleaned with backup
C:\WINMC\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINMC\pss\osxwr.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINMC\Sngsh40.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system\sngsh35.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system32\cjbyw.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINMC\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINMC\system32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINMC\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\WINMC\system32\ngsh35.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system32\ngsh40.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system32\qkdsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINMC\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Cleaned with backup
C:\WINMC\system32\sms_msn.exe -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system32\sms_msn40.exe -> Adware.AdBlaster : Cleaned with backup
C:\WINMC\system32\w5332cb3.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINMC\unwn.exe -> Trojan.Qoologic : Cleaned with backup
D:\My Documents\My Utilities\Newsbin Pro v5.0.1.5807\Patch.exe -> Downloader.VB.ts : Cleaned with backup
D:\My Documents\PPC-6700\Current Software\Resco Audio Recorder v3.21\keygen.exe -> Logger.ProAgent.t : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:35:37 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINMC\System32\smss.exe
C:\WINMC\system32\winlogon.exe
C:\WINMC\system32\services.exe
C:\WINMC\system32\lsass.exe
C:\WINMC\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINMC\System32\svchost.exe
C:\WINMC\system32\spoolsv.exe
C:\WINMC\Explorer.EXE
C:\WINMC\system32\hphmon04.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINMC\system32\netdde.exe
C:\WINMC\ehome\RMSysTry.exe
C:\Program Files\Nimblesoft\360 Friends\XboxFriendsList.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\MCE\MCEVideoEncoder\MCEVideoEncoder.exe
C:\WINMC\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINMC\eHome\ehRecvr.exe
C:\WINMC\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINMC\System32\svchost.exe
C:\WINMC\system32\msiexec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINMC\ehome\RMSvc.exe
C:\WINMC\system32\r_server.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\wbem\wmiapsrv.exe
C:\WINMC\System32\dmadmin.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\dllhost.exe
C:\WINMC\system32\wscntfy.exe
C:\WINMC\system32\wuauclt.exe
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINMC\system32\mudak.exe
F2 - REG:system.ini: UserInit=C:\WINMC\SYSTEM32\Userinit.exe,xqkdvnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMC\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMC\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\WINMC\system32\hphmon04.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] C:\Program Files\ORB Networks\ORB\bin\OrbTray.exe
O4 - Startup: 360 Friends.lnk = ?
O4 - Startup: MCEVideoEncoder.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINMC\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Tim Lastoria.OFFICEPC\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINMC\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINMC\system32\shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINMC\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142219215765
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futur...lobal/msc37.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINMC\system32\BTXPPanel.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: NavLogon - C:\WINMC\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINMC\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINMC\system32\r_server.exe" /service (file missing)

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 April 2006 - 09:13 PM

Hello,

Lets do this...

C:\WINMC\system32\mudak.exe
C:\WINMC\system32\netdde.exe
C:\WINMC\system32\xqkdvnr.exe


Download Pocket Killbox to your desktop, unzip it to a folder that you can find


* Highlight all the files with the complete path in the quote and press Ctrl C on your keyboard.

* Open Pocket Killbox
* Go to File > Paste from clipboard
* Set it to Delete on Reboot
* Tick the box that says End Explorer shell while killing file
* If its not greyed out..Click the radio button that say Unregister .dll before deleting.
* Make sure ALL Files is selected
* Click on the Red circle with the white X
* It will ask you to confirm the deletion...Say yes
* It will ask you to reboot, say yes




Reboot again into Safemode and open HJT Scan Only and remove these two entries.

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINMC\system32\mudak.exe
F2 - REG:system.ini: UserInit=C:\WINMC\SYSTEM32\Userinit.exe,xqkdvnr.exe


Post a new HJT log please,

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 April 2006 - 08:28 AM

Good Morning,


When you done with the above, run HJT and see if those two F2 lines are still present.
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINMC\system32\mudak.exe
F2 - REG:system.ini: UserInit=C:\WINMC\SYSTEM32\Userinit.exe,xqkdvnr.exe

If there still there or even if there gone, you still may have part of that infection still installed so run the fix below.

  • Download Brute Force Uninstaller to your C:\
  • Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
  • Download qoofix.bat (right click on this link and choose save as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Doubleclick qooFix.bat, Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • The tool will ask to restart your Pc.
  • After the PC has restarted please post another hijackthis log.
Happy Easter,

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 TheAccuser

TheAccuser

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 16 April 2006 - 06:08 PM

That BFU fix worked for clearing those 2 problem entries that I couldn't get rid of! Does it look like I am free of issues now?

--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:58:49 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINMC\System32\smss.exe
C:\WINMC\system32\winlogon.exe
C:\WINMC\system32\services.exe
C:\WINMC\system32\lsass.exe
C:\WINMC\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINMC\System32\svchost.exe
C:\WINMC\system32\spoolsv.exe
C:\WINMC\system32\netdde.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINMC\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINMC\eHome\ehRecvr.exe
C:\WINMC\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINMC\System32\svchost.exe
C:\WINMC\system32\msiexec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINMC\ehome\RMSvc.exe
C:\WINMC\system32\r_server.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\wbem\wmiapsrv.exe
C:\WINMC\System32\dmadmin.exe
C:\WINMC\system32\svchost.exe
C:\WINMC\system32\dllhost.exe
C:\WINMC\Explorer.EXE
C:\WINMC\system32\wscntfy.exe
C:\WINMC\system32\wuauclt.exe
C:\WINMC\system32\RUNDLL32.EXE
C:\WINMC\system32\hphmon04.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINMC\ehome\RMSysTry.exe
C:\Program Files\MCE\MCEVideoEncoder\MCEVideoEncoder.exe
C:\Program Files\ORB Networks\ORB\bin\OrbTVBuffer.exe
C:\Documents and Settings\Tim Lastoria.OFFICEPC\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINMC\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINMC\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\WINMC\system32\hphmon04.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orb] C:\Program Files\ORB Networks\ORB\bin\OrbTray.exe
O4 - Startup: MCEVideoEncoder.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINMC\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Tim Lastoria.OFFICEPC\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142219215765
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINMC\system32\BTXPPanel.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: NavLogon - C:\WINMC\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINMC\SYSTEM32\WRLogonNTF.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINMC\system32\r_server.exe" /service (file missing)

#9 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 April 2006 - 06:32 PM

TheAccuser, You log looks good, :thumbup: it has taken me some time to analiyze it because of the Windows Media Center operating system , things are flagged as bad when in fact there good on account of the different file structure. How are things running, any issues?? Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 May 2006 - 08:30 PM

Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system.

Be sure to follow the instructions for System Restore because everything we removed is backed up in that program and if you ever use it to revert your system to an earlier date, you can reinfect your self all over again.


Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes
Tutorial for CCleaner


Now that your clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Every User on this Computer Local Settings
and delete all the contents of the Temp Folder and the Temporary Internet Files Folder <--Just the contents, not the folder itself.

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder <-- But not the temp folder itself.

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder. <--But not the Prefetch folder itself.


NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* ClickProperties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember, You will have to be in Catagory View to see this

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once aweek.

* Here are Free Anti-Virus Programs if you need one. Just install one because with AV software...MORE IS NOT BETTER.

AVG Free Edition
AntVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE- Spyad IE-Spyad places over 4000 web sites and domains
in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed,
although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use
them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this
for awhile, you will want to make it your default.

* Thunderbird Mail There companion mail program was highly favored in PCWorld Magazine,
this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.



Thanks for using Tom Coyote,

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 May 2006 - 08:11 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·