Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help! My mother infected my computer!


  • This topic is locked This topic is locked
4 replies to this topic

#1 RoyBoy

RoyBoy

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 16 May 2006 - 07:11 PM

My computer was left on for more than 2 months while I was gone in Europe, and when I got back, it was running a lot slower than normal. Please help!

Royboy

Here is my most recent HijackThis Log....



Logfile of HijackThis v1.99.1
Scan saved at 10:18:29 AM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

    Advertisements

Register to Remove


#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 17 May 2006 - 02:06 AM

Hello RoyBoy and Welcome to TomCoyote,

Please do the following:



STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here
  • Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper) You will be prompted to check for updated definitions, please do so.
    (This may take several minutes)
  • Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
  • Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!
  • When the sweep has finished, click Remove. Click Select All and then Next
  • From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
  • Exit Spy Sweeper.

STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Empty Recycle Bin
Reboot

Please post the results from SpySweeper, ewido and a new hijackthis log.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 RoyBoy

RoyBoy

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 17 May 2006 - 09:40 PM

Thanks so much for helping me out!


First, here is my Spy Sweeper report log...

********
7:15 PM: | Start of Session, Wednesday, May 17, 2006 |
7:15 PM: Spy Sweeper started
7:15 PM: Sweep initiated using definitions version 680
7:15 PM: Starting Memory Sweep
7:20 PM: Memory Sweep Complete, Elapsed Time: 00:04:09
7:20 PM: Starting Registry Sweep
7:20 PM: Found Adware: comet cursor
7:20 PM: HKCR\appid\dmserver.exe\ (1 subtraces) (ID = 106303)
7:20 PM: HKCR\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (1 subtraces) (ID = 106304)
7:20 PM: HKCR\clsid\{16bc6464-196a-4bab-a14b-f69f8a0a60f7}\ (11 subtraces) (ID = 106322)
7:20 PM: HKCR\clsid\{197ab1d7-a7dd-4c86-a938-1fcc0db21b85}\ (14 subtraces) (ID = 106331)
7:20 PM: HKCR\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106359)
7:20 PM: HKCR\cssecurity.htmlsecurity.1\ (3 subtraces) (ID = 106426)
7:20 PM: HKCR\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106427)
7:20 PM: HKCR\dmproxy.dmproxyctl.1\ (3 subtraces) (ID = 106428)
7:20 PM: HKCR\dmproxy.dmproxyctl\ (5 subtraces) (ID = 106429)
7:20 PM: HKCR\dmserver.dmnotify.1\ (3 subtraces) (ID = 106430)
7:20 PM: HKCR\dmserver.dmnotify\ (5 subtraces) (ID = 106431)
7:20 PM: HKCR\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ (8 subtraces) (ID = 106455)
7:20 PM: HKCR\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ (8 subtraces) (ID = 106461)
7:20 PM: HKCR\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ (8 subtraces) (ID = 106489)
7:20 PM: HKCR\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106503)
7:20 PM: HKCR\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ (8 subtraces) (ID = 106509)
7:20 PM: HKLM\software\classes\appid\dmserver.exe\ (1 subtraces) (ID = 106525)
7:20 PM: HKLM\software\classes\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (1 subtraces) (ID = 106526)
7:20 PM: HKLM\software\classes\clsid\{16bc6464-196a-4bab-a14b-f69f8a0a60f7}\ (11 subtraces) (ID = 106541)
7:20 PM: HKLM\software\classes\clsid\{197ab1d7-a7dd-4c86-a938-1fcc0db21b85}\ (14 subtraces) (ID = 106549)
7:20 PM: HKLM\software\classes\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106577)
7:20 PM: HKLM\software\classes\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106610)
7:20 PM: HKLM\software\classes\dmproxy.dmproxyctl.1\ (3 subtraces) (ID = 106611)
7:20 PM: HKLM\software\classes\dmproxy.dmproxyctl\ (5 subtraces) (ID = 106612)
7:20 PM: HKLM\software\classes\dmserver.dmnotify.1\ (3 subtraces) (ID = 106613)
7:20 PM: HKLM\software\classes\dmserver.dmnotify\ (5 subtraces) (ID = 106614)
7:20 PM: HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ (8 subtraces) (ID = 106636)
7:20 PM: HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ (8 subtraces) (ID = 106642)
7:20 PM: HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ (8 subtraces) (ID = 106667)
7:20 PM: HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106680)
7:20 PM: HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ (8 subtraces) (ID = 106687)
7:20 PM: HKLM\software\classes\typelib\{8fcd3b3f-6f3e-4bb2-9c37-b03b27f71857}\ (9 subtraces) (ID = 106704)
7:20 PM: HKLM\software\classes\typelib\{32ba13af-001c-456e-8825-8d53077460ac}\ (9 subtraces) (ID = 106705)
7:20 PM: HKLM\software\classes\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106706)
7:20 PM: HKCR\typelib\{8fcd3b3f-6f3e-4bb2-9c37-b03b27f71857}\ (9 subtraces) (ID = 106755)
7:20 PM: HKCR\typelib\{32ba13af-001c-456e-8825-8d53077460ac}\ (9 subtraces) (ID = 106756)
7:20 PM: HKCR\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106757)
7:20 PM: Found Adware: cws_ns3
7:20 PM: HKCR\clsid\{c432f8c9-5e41-f564-674e-c21b8257061b}\ (6 subtraces) (ID = 119009)
7:20 PM: HKLM\software\classes\clsid\{c432f8c9-5e41-f564-674e-c21b8257061b}\ (6 subtraces) (ID = 120846)
7:20 PM: Found Adware: keenvalue/perfectnav
7:20 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
7:20 PM: Found Adware: directrevenue-abetterinternet
7:20 PM: HKLM\software\dbi\ (29 subtraces) (ID = 145915)
7:20 PM: Found Adware: winad
7:20 PM: HKLM\software\classes\winadx.installer\ (3 subtraces) (ID = 147180)
7:20 PM: HKCR\winadx.installer\ (3 subtraces) (ID = 147248)
7:20 PM: Found Adware: cws-aboutblank
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
7:20 PM: Found Adware: gsim
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\dynamic toolbar\gsim\ (8 subtraces) (ID = 127017)
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
7:20 PM: Found Adware: mindset interactive - favoriteman
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\windows\ || server (ID = 1025299)
7:20 PM: Registry Sweep Complete, Elapsed Time:00:00:13
7:20 PM: Starting Cookie Sweep
7:20 PM: Found Spy Cookie: sandboxer cookie
7:20 PM: brian@0[1].txt (ID = 3282)
7:20 PM: Found Spy Cookie: 2o7.net cookie
7:20 PM: brian@2o7[1].txt (ID = 1957)
7:20 PM: Found Spy Cookie: 64.62.232 cookie
7:20 PM: brian@64.62.232[2].txt (ID = 1987)
7:20 PM: Found Spy Cookie: websponsors cookie
7:20 PM: brian@a.websponsors[1].txt (ID = 3665)
7:20 PM: Found Spy Cookie: about cookie
7:20 PM: brian@about[2].txt (ID = 2037)
7:20 PM: Found Spy Cookie: ad-logics cookie
7:20 PM: brian@ad-logics[1].txt (ID = 2049)
7:20 PM: Found Spy Cookie: yieldmanager cookie
7:20 PM: brian@ad.yieldmanager[2].txt (ID = 3751)
7:20 PM: Found Spy Cookie: adknowledge cookie
7:20 PM: brian@adknowledge[2].txt (ID = 2072)
7:20 PM: Found Spy Cookie: adlegend cookie
7:20 PM: brian@adlegend[1].txt (ID = 2074)
7:20 PM: Found Spy Cookie: precisead cookie
7:20 PM: brian@adopt.precisead[2].txt (ID = 3182)
7:20 PM: Found Spy Cookie: specificclick.com cookie
7:20 PM: brian@adopt.specificclick[2].txt (ID = 3400)
7:20 PM: Found Spy Cookie: adorigin cookie
7:20 PM: brian@adorigin[2].txt (ID = 2082)
7:20 PM: Found Spy Cookie: adrevolver cookie
7:20 PM: brian@adrevolver[1].txt (ID = 2088)
7:20 PM: brian@adrevolver[3].txt (ID = 2088)
7:20 PM: Found Spy Cookie: addynamix cookie
7:20 PM: brian@ads.addynamix[2].txt (ID = 2062)
7:20 PM: Found Spy Cookie: pointroll cookie
7:20 PM: brian@ads.pointroll[2].txt (ID = 3148)
7:20 PM: Found Spy Cookie: adtech cookie
7:20 PM: brian@adtech[2].txt (ID = 2155)
7:20 PM: Found Spy Cookie: alt cookie
7:20 PM: brian@alt[2].txt (ID = 2217)
7:20 PM: Found Spy Cookie: apmebf cookie
7:20 PM: brian@apmebf[2].txt (ID = 2229)
7:20 PM: Found Spy Cookie: falkag cookie
7:20 PM: brian@as-us.falkag[2].txt (ID = 2650)
7:20 PM: Found Spy Cookie: askmen cookie
7:20 PM: brian@askmen[2].txt (ID = 2247)
7:20 PM: Found Spy Cookie: ask cookie
7:20 PM: brian@ask[1].txt (ID = 2245)
7:20 PM: Found Spy Cookie: belnk cookie
7:20 PM: brian@ath.belnk[2].txt (ID = 2293)
7:20 PM: Found Spy Cookie: atwola cookie
7:20 PM: brian@atwola[2].txt (ID = 2255)
7:20 PM: Found Spy Cookie: bannerspace cookie
7:20 PM: brian@bannerspace[1].txt (ID = 2284)
7:20 PM: Found Spy Cookie: banner cookie
7:20 PM: brian@banner[2].txt (ID = 2276)
7:20 PM: brian@belnk[2].txt (ID = 2292)
7:20 PM: Found Spy Cookie: bizrate cookie
7:20 PM: brian@bizrate[1].txt (ID = 2308)
7:20 PM: Found Spy Cookie: bluestreak cookie
7:20 PM: brian@bluestreak[1].txt (ID = 2314)
7:20 PM: Found Spy Cookie: bs.serving-sys cookie
7:20 PM: brian@bs.serving-sys[1].txt (ID = 2330)
7:20 PM: Found Spy Cookie: burstnet cookie
7:20 PM: brian@burstnet[1].txt (ID = 2336)
7:20 PM: Found Spy Cookie: enhance cookie
7:20 PM: brian@c.enhance[1].txt (ID = 2614)
7:20 PM: Found Spy Cookie: zedo cookie
7:20 PM: brian@c5.zedo[1].txt (ID = 3763)
7:20 PM: Found Spy Cookie: casalemedia cookie
7:20 PM: brian@casalemedia[2].txt (ID = 2354)
7:20 PM: Found Spy Cookie: cd freaks cookie
7:20 PM: brian@cdfreaks[2].txt (ID = 2370)
7:20 PM: Found Spy Cookie: centrport net cookie
7:20 PM: brian@centrport[2].txt (ID = 2374)
7:20 PM: brian@childparenting.about[1].txt (ID = 2038)
7:20 PM: Found Spy Cookie: classmates cookie
7:20 PM: brian@classmates[1].txt (ID = 2384)
7:20 PM: Found Spy Cookie: clickbank cookie
7:20 PM: brian@clickbank[2].txt (ID = 2398)
7:20 PM: brian@club.cdfreaks[1].txt (ID = 2371)
7:20 PM: Found Spy Cookie: did-it cookie
7:20 PM: brian@did-it[1].txt (ID = 2523)
7:20 PM: brian@dist.belnk[2].txt (ID = 2293)
7:20 PM: Found Spy Cookie: ru4 cookie
7:20 PM: brian@edge.ru4[1].txt (ID = 3269)
7:20 PM: brian@entrepreneur.122.2o7[1].txt (ID = 1958)
7:20 PM: Found Spy Cookie: go.com cookie
7:20 PM: brian@espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: exitexchange cookie
7:20 PM: brian@exitexchange[1].txt (ID = 2633)
7:20 PM: Found Spy Cookie: findwhat cookie
7:20 PM: brian@findwhat[1].txt (ID = 2674)
7:20 PM: brian@games.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: gamespy cookie
7:20 PM: brian@gamespy[1].txt (ID = 2719)
7:20 PM: brian@genealogy.about[1].txt (ID = 2038)
7:20 PM: brian@go[1].txt (ID = 2728)
7:20 PM: Found Spy Cookie: clickandtrack cookie
7:20 PM: brian@hits.clickandtrack[2].txt (ID = 2397)
7:20 PM: Found Spy Cookie: hitstats.net cookie
7:20 PM: brian@hitstats[1].txt (ID = 2791)
7:20 PM: Found Spy Cookie: hotlog cookie
7:20 PM: brian@hotlog[2].txt (ID = 2801)
7:20 PM: Found Spy Cookie: hypertracker.com cookie
7:20 PM: brian@hypertracker[2].txt (ID = 2817)
7:20 PM: Found Spy Cookie: ic-live cookie
7:20 PM: brian@ic-live[1].txt (ID = 2821)
7:20 PM: brian@insider.espn.go[2].txt (ID = 2729)
7:20 PM: brian@internetgames.about[1].txt (ID = 2038)
7:20 PM: Found Spy Cookie: sb01 cookie
7:20 PM: brian@jp1.sb01[2].txt (ID = 3288)
7:20 PM: Found Spy Cookie: l2m.net cookie
7:20 PM: brian@l2m[1].txt (ID = 2913)
7:20 PM: Found Spy Cookie: domainsponsor cookie
7:20 PM: brian@landing.domainsponsor[1].txt (ID = 2535)
7:20 PM: Found Spy Cookie: maxserving cookie
7:20 PM: brian@maxserving[1].txt (ID = 2966)
7:20 PM: Found Spy Cookie: metareward.com cookie
7:20 PM: brian@metareward[1].txt (ID = 2990)
7:20 PM: brian@msnportal.112.2o7[1].txt (ID = 1958)
7:20 PM: brian@my.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: mygeek cookie
7:20 PM: brian@mygeek[1].txt (ID = 3041)
7:20 PM: Found Spy Cookie: nextag cookie
7:20 PM: brian@nextag[2].txt (ID = 5014)
7:20 PM: brian@northwestairlines.112.2o7[1].txt (ID = 1958)
7:20 PM: Found Spy Cookie: one-time-offer cookie
7:20 PM: brian@one-time-offer[2].txt (ID = 3095)
7:20 PM: Found Spy Cookie: overture cookie
7:20 PM: brian@overture[2].txt (ID = 3105)
7:20 PM: Found Spy Cookie: touchclarity cookie
7:20 PM: brian@partypoker.touchclarity[1].txt (ID = 3567)
7:20 PM: Found Spy Cookie: partypoker cookie
7:20 PM: brian@partypoker[2].txt (ID = 3111)
7:20 PM: Found Spy Cookie: passion cookie
7:20 PM: brian@passion[2].txt (ID = 3113)
7:20 PM: Found Spy Cookie: paypopup cookie
7:20 PM: brian@paypopup[1].txt (ID = 3119)
7:20 PM: brian@perf.overture[1].txt (ID = 3106)
7:20 PM: brian@popunder.paypopup[1].txt (ID = 3120)
7:20 PM: Found Spy Cookie: valuead cookie
7:20 PM: brian@premiumnetworkrocks.valuead[1].txt (ID = 3627)
7:20 PM: Found Spy Cookie: pricegrabber cookie
7:20 PM: brian@pricegrabber[2].txt (ID = 3185)
7:20 PM: Found Spy Cookie: pro-market cookie
7:20 PM: brian@pro-market[1].txt (ID = 3197)
7:20 PM: Found Spy Cookie: pub cookie
7:20 PM: brian@pub[2].txt (ID = 3205)
7:20 PM: Found Spy Cookie: qsrch cookie
7:20 PM: brian@qsrch[1].txt (ID = 3215)
7:20 PM: Found Spy Cookie: questionmarket cookie
7:20 PM: brian@questionmarket[1].txt (ID = 3217)
7:20 PM: brian@r.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: realmedia cookie
7:20 PM: brian@realmedia[2].txt (ID = 3235)
7:20 PM: Found Spy Cookie: rednova cookie
7:20 PM: brian@rednova[1].txt (ID = 3245)
7:20 PM: Found Spy Cookie: reunion cookie
7:20 PM: brian@reunion[1].txt (ID = 3255)
7:20 PM: Found Spy Cookie: revenue.net cookie
7:20 PM: brian@revenue[1].txt (ID = 3257)
7:20 PM: Found Spy Cookie: rn11 cookie
7:20 PM: brian@rn11[2].txt (ID = 3261)
7:20 PM: Found Spy Cookie: adjuggler cookie
7:20 PM: brian@rotator.adjuggler[2].txt (ID = 2071)
7:20 PM: brian@rotator.dex.adjuggler[1].txt (ID = 2070)
7:20 PM: brian@rsi.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: seeq cookie
7:20 PM: brian@seeq[1].txt (ID = 3331)
7:20 PM: Found Spy Cookie: server.iad.liveperson cookie
7:20 PM: brian@server.iad.liveperson[2].txt (ID = 3341)
7:20 PM: Found Spy Cookie: serving-sys cookie
7:20 PM: brian@serving-sys[2].txt (ID = 3343)
7:20 PM: Found Spy Cookie: servlet cookie
7:20 PM: brian@servlet[1].txt (ID = 3345)
7:20 PM: brian@sports-att.espn.go[2].txt (ID = 2729)
7:20 PM: brian@sports.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: statcounter cookie
7:20 PM: brian@statcounter[1].txt (ID = 3447)
7:20 PM: Found Spy Cookie: statstracking cookie
7:20 PM: brian@stats-tracking[1].txt (ID = 3453)
7:20 PM: Found Spy Cookie: tacoda cookie
7:20 PM: brian@tacoda[1].txt (ID = 6444)
7:20 PM: brian@thunderbolt.adjuggler[1].txt (ID = 2070)
7:20 PM: Found Spy Cookie: toplist cookie
7:20 PM: brian@toplist[1].txt (ID = 3557)
7:20 PM: Found Spy Cookie: toprebates.com cookie
7:20 PM: brian@toprebates[2].txt (ID = 3561)
7:20 PM: Found Spy Cookie: trafficmp cookie
7:20 PM: brian@trafficmp[2].txt (ID = 3581)
7:20 PM: Found Spy Cookie: trb.com cookie
7:20 PM: brian@trb[1].txt (ID = 3587)
7:20 PM: Found Spy Cookie: tribalfusion cookie
7:20 PM: brian@tribalfusion[1].txt (ID = 3589)
7:20 PM: Found Spy Cookie: tripod cookie
7:20 PM: brian@tripod[1].txt (ID = 3591)
7:20 PM: Found Spy Cookie: tvguide cookie
7:20 PM: brian@tvguide[1].txt (ID = 3599)
7:20 PM: brian@valuead[1].txt (ID = 3626)
7:20 PM: Found Spy Cookie: videodome cookie
7:20 PM: brian@videodome[1].txt (ID = 3638)
7:20 PM: brian@www.abcnews.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: adminder cookie
7:20 PM: brian@www.adminder[1].txt (ID = 2079)
7:20 PM: Found Spy Cookie: burstbeacon cookie
7:20 PM: brian@www.burstbeacon[2].txt (ID = 2335)
7:20 PM: Found Spy Cookie: eadexchange cookie
7:20 PM: brian@www.eadexchange[2].txt (ID = 2556)
7:20 PM: Found Spy Cookie: myaffiliateprogram.com cookie
7:20 PM: brian@www.myaffiliateprogram[2].txt (ID = 3032)
7:20 PM: brian@www.rednova[2].txt (ID = 3246)
7:20 PM: Found Spy Cookie: screensavers.com cookie
7:20 PM: brian@www.screensavers[2].txt (ID = 3298)
7:20 PM: brian@www.toprebates[2].txt (ID = 3562)
7:20 PM: Found Spy Cookie: xiti cookie
7:20 PM: brian@xiti[1].txt (ID = 3717)
7:20 PM: Found Spy Cookie: adserver cookie
7:20 PM: brian@z1.adserver[1].txt (ID = 2142)
7:20 PM: brian@zedo[2].txt (ID = 3762)
7:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:20 PM: Starting File Sweep
7:20 PM: Found Adware: clearsearch
7:20 PM: c:\windows\temp\clrsch (ID = -2147481248)
7:20 PM: Found Adware: bullguard popup ad
7:20 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
7:21 PM: Found Adware: coolwebsearch (cws)
7:21 PM: dpuuf.log (ID = 53966)
7:22 PM: texhb.log (ID = 53966)
7:22 PM: kfecu.txt (ID = 53966)
7:22 PM: mspid.log (ID = 53966)
7:22 PM: ygshh.log (ID = 56447)
7:24 PM: mkfky.dat (ID = 56680)
7:24 PM: cywvf.dat (ID = 56680)
7:24 PM: crlnu.dat (ID = 56680)
7:24 PM: bl.dat (ID = 56394)
7:24 PM: hhobq.txt (ID = 56447)
7:24 PM: qhlmb.txt (ID = 56711)
7:24 PM: aemxs.log (ID = 56447)
7:25 PM: djjfs.txt (ID = 56447)
7:25 PM: cqqvs.log (ID = 56447)
7:25 PM: ioimi.txt (ID = 56711)
7:25 PM: pophg.log (ID = 56447)
7:25 PM: hmdjb.txt (ID = 56447)
7:25 PM: vrjau.txt (ID = 56711)
7:26 PM: mwvzk.txt (ID = 53966)
7:26 PM: gsim.inf (ID = 61964)
7:28 PM: keywords.dat (ID = 54234)
7:28 PM: dict.dat (ID = 54051)
7:29 PM: keywords.dat (ID = 54234)
7:29 PM: dict.dat (ID = 54051)
7:33 PM: jguax.log (ID = 56711)
7:39 PM: tpkpl.log (ID = 56447)
7:42 PM: buron.log (ID = 56447)
7:42 PM: tvkuq.log (ID = 56711)
7:45 PM: cwjaw.txt (ID = 56447)
7:58 PM: uxtgy.txt (ID = 53966)
8:01 PM: Found Adware: cydoor peer-to-peer dependency
8:01 PM: cd_clint.dll (ID = 57300)
8:03 PM: bulldownload.exe (ID = 52017)
8:36 PM: dict.dat (ID = 54051)
8:36 PM: keywords.dat (ID = 54234)
8:41 PM: im64.dll (ID = 69841)
8:41 PM: biini.inf (ID = 83199)
8:41 PM: belt.inf (ID = 83154)
8:41 PM: Found System Monitor: potentially rootkit-masked files
8:41 PM: 3m app.doc (ID = 0)
8:41 PM: music.asx (ID = 0)
8:41 PM: thumbs.db (ID = 0)
8:41 PM: blue hills.jpg (ID = 0)
8:41 PM: music.bmp (ID = 0)
8:41 PM: andrew lindsay.doc (ID = 0)
8:41 PM: ringtone-composer.exe (ID = 0)
8:41 PM: winter.jpg (ID = 0)
8:41 PM: water lilies.jpg (ID = 0)
8:41 PM: sunset.jpg (ID = 0)
8:41 PM: beethoven's symphony no. 9 (scherzo).wma (ID = 0)
8:41 PM: new stories (highway blues).wma (ID = 0)
8:41 PM: music.wma (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:47 PM: Warning: Unhandled Archive Type
8:58 PM: Warning: Unhandled Archive Type
8:59 PM: Warning: Unhandled Archive Type
9:00 PM: Warning: Invalid Stream
9:01 PM: File Sweep Complete, Elapsed Time: 01:40:41
9:01 PM: Full Sweep has completed. Elapsed time 01:45:19
9:01 PM: Traces Found: 537
9:07 PM: Removal process initiated
9:07 PM: Quarantining All Traces: clearsearch
9:07 PM: Quarantining All Traces: cws_ns3
9:07 PM: Quarantining All Traces: cws-aboutblank
9:07 PM: Quarantining All Traces: directrevenue-abetterinternet
9:07 PM: Quarantining All Traces: potentially rootkit-masked files
9:07 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
9:07 PM: music.asx is in use. It will be removed on reboot.
9:07 PM: thumbs.db is in use. It will be removed on reboot.
9:07 PM: blue hills.jpg is in use. It will be removed on reboot.
9:07 PM: music.bmp is in use. It will be removed on reboot.
9:07 PM: winter.jpg is in use. It will be removed on reboot.
9:07 PM: water lilies.jpg is in use. It will be removed on reboot.
9:07 PM: sunset.jpg is in use. It will be removed on reboot.
9:07 PM: beethoven's symphony no. 9 (scherzo).wma is in use. It will be removed on reboot.
9:07 PM: new stories (highway blues).wma is in use. It will be removed on reboot.
9:07 PM: music.wma is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: Quarantining All Traces: comet cursor
9:07 PM: Quarantining All Traces: coolwebsearch (cws)
9:07 PM: Quarantining All Traces: mindset interactive - favoriteman
9:07 PM: Quarantining All Traces: winad
9:07 PM: Quarantining All Traces: bullguard popup ad
9:08 PM: Quarantining All Traces: cydoor peer-to-peer dependency
9:08 PM: Quarantining All Traces: gsim
9:08 PM: Quarantining All Traces: keenvalue/perfectnav
9:08 PM: Quarantining All Traces: 2o7.net cookie
9:08 PM: Quarantining All Traces: 64.62.232 cookie
9:08 PM: Quarantining All Traces: about cookie
9:08 PM: Quarantining All Traces: addynamix cookie
9:08 PM: Quarantining All Traces: adjuggler cookie
9:08 PM: Quarantining All Traces: adknowledge cookie
9:08 PM: Quarantining All Traces: adlegend cookie
9:08 PM: Quarantining All Traces: ad-logics cookie
9:08 PM: Quarantining All Traces: adminder cookie
9:08 PM: Quarantining All Traces: adorigin cookie
9:08 PM: Quarantining All Traces: adrevolver cookie
9:08 PM: Quarantining All Traces: adserver cookie
9:08 PM: Quarantining All Traces: adtech cookie
9:08 PM: Quarantining All Traces: alt cookie
9:08 PM: Quarantining All Traces: apmebf cookie
9:08 PM: Quarantining All Traces: ask cookie
9:08 PM: Quarantining All Traces: askmen cookie
9:08 PM: Quarantining All Traces: atwola cookie
9:08 PM: Quarantining All Traces: banner cookie
9:08 PM: Quarantining All Traces: bannerspace cookie
9:08 PM: Quarantining All Traces: belnk cookie
9:08 PM: Quarantining All Traces: bizrate cookie
9:08 PM: Quarantining All Traces: bluestreak cookie
9:08 PM: Quarantining All Traces: bs.serving-sys cookie
9:08 PM: Quarantining All Traces: burstbeacon cookie
9:08 PM: Quarantining All Traces: burstnet cookie
9:08 PM: Quarantining All Traces: casalemedia cookie
9:08 PM: Quarantining All Traces: cd freaks cookie
9:08 PM: Quarantining All Traces: centrport net cookie
9:08 PM: Quarantining All Traces: classmates cookie
9:08 PM: Quarantining All Traces: clickandtrack cookie
9:08 PM: Quarantining All Traces: clickbank cookie
9:08 PM: Quarantining All Traces: did-it cookie
9:08 PM: Quarantining All Traces: domainsponsor cookie
9:08 PM: Quarantining All Traces: eadexchange cookie
9:08 PM: Quarantining All Traces: enhance cookie
9:08 PM: Quarantining All Traces: exitexchange cookie
9:08 PM: Quarantining All Traces: falkag cookie
9:08 PM: Quarantining All Traces: findwhat cookie
9:08 PM: Quarantining All Traces: gamespy cookie
9:08 PM: Quarantining All Traces: go.com cookie
9:08 PM: Quarantining All Traces: hitstats.net cookie
9:08 PM: Quarantining All Traces: hotlog cookie
9:08 PM: Quarantining All Traces: hypertracker.com cookie
9:08 PM: Quarantining All Traces: ic-live cookie
9:08 PM: Quarantining All Traces: l2m.net cookie
9:08 PM: Quarantining All Traces: maxserving cookie
9:08 PM: Quarantining All Traces: metareward.com cookie
9:08 PM: Quarantining All Traces: myaffiliateprogram.com cookie
9:08 PM: Quarantining All Traces: mygeek cookie
9:08 PM: Quarantining All Traces: nextag cookie
9:08 PM: Quarantining All Traces: one-time-offer cookie
9:08 PM: Quarantining All Traces: overture cookie
9:08 PM: Quarantining All Traces: partypoker cookie
9:08 PM: Quarantining All Traces: passion cookie
9:08 PM: Quarantining All Traces: paypopup cookie
9:08 PM: Quarantining All Traces: pointroll cookie
9:08 PM: Quarantining All Traces: precisead cookie
9:08 PM: Quarantining All Traces: pricegrabber cookie
9:08 PM: Quarantining All Traces: pro-market cookie
9:08 PM: Quarantining All Traces: pub cookie
9:08 PM: Quarantining All Traces: qsrch cookie
9:08 PM: Quarantining All Traces: questionmarket cookie
9:08 PM: Quarantining All Traces: realmedia cookie
9:08 PM: Quarantining All Traces: rednova cookie
9:08 PM: Quarantining All Traces: reunion cookie
9:08 PM: Quarantining All Traces: revenue.net cookie
9:08 PM: Quarantining All Traces: rn11 cookie
9:08 PM: Quarantining All Traces: ru4 cookie
9:08 PM: Quarantining All Traces: sandboxer cookie
9:08 PM: Quarantining All Traces: sb01 cookie
9:08 PM: Quarantining All Traces: screensavers.com cookie
9:08 PM: Quarantining All Traces: seeq cookie
9:08 PM: Quarantining All Traces: server.iad.liveperson cookie
9:08 PM: Quarantining All Traces: serving-sys cookie
9:08 PM: Quarantining All Traces: servlet cookie
9:08 PM: Quarantining All Traces: specificclick.com cookie
9:08 PM: Quarantining All Traces: statcounter cookie
9:08 PM: Quarantining All Traces: statstracking cookie
9:08 PM: Quarantining All Traces: tacoda cookie
9:08 PM: Quarantining All Traces: toplist cookie
9:08 PM: Quarantining All Traces: toprebates.com cookie
9:08 PM: Quarantining All Traces: touchclarity cookie
9:08 PM: Quarantining All Traces: trafficmp cookie
9:08 PM: Quarantining All Traces: trb.com cookie
9:08 PM: Quarantining All Traces: tribalfusion cookie
9:08 PM: Quarantining All Traces: tripod cookie
9:08 PM: Quarantining All Traces: tvguide cookie
9:08 PM: Quarantining All Traces: valuead cookie
9:08 PM: Quarantining All Traces: videodome cookie
9:08 PM: Quarantining All Traces: websponsors cookie
9:08 PM: Quarantining All Traces: xiti cookie
9:08 PM: Quarantining All Traces: yieldmanager cookie
9:08 PM: Quarantining All Traces: zedo cookie
9:08 PM: Preparing to restart your computer. Please wait...
9:08 PM: Removal process completed. Elapsed time 00:01:32
********
7:13 PM: | Start of Session, Wednesday, May 17, 2006 |
7:13 PM: Spy Sweeper started
7:13 PM: Your spyware definitions have been updated.
7:15 PM: | End of Session, Wednesday, May 17, 2006 |


Next, here is my Ediwdo report log.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:28:22 PM, 5/17/2006
+ Report-Checksum: 7D20D3D0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0B043178-7412-F22A-4F6E-DA5B78A513E5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19899FD2-72DC-ADED-A735-6279FA695369} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25713B9E-3A18-4906-71FE-9FE3C5B4B02A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B33C71B-605A-1734-B317-E595374F9DA9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C6CC514-0686-8D4A-3795-115CE35C21E9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8464A5-089B-AA14-00B6-7BC0B335C697} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50851802-1398-D825-BABC-F1EC05737E05} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{515E6800-C37D-9309-FEE4-5E5649A955B4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5594286E-2D6D-EE06-1F69-72D3E29EFE21} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58A18AE6-6FAA-D8C2-14DB-4B8800933F55} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5DB4FA6D-8DF7-FEDD-6004-A7710DCAC5DE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64B26103-2B1C-551B-4BBE-4C0B592B4757} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67878067-8C35-4F5D-4D85-1A13C5E41DE1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BA5F227-1540-0895-1ED0-89D9E68F534F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BF9C3C4-0A9A-7E95-B93A-7BDCB4DCE7F1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{80CDCDFA-69CC-380D-123F-DF6C7FC64845} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81DE9EF1-9091-D3E5-B58C-E083B9CEB6D3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{846C9BB6-DD44-7AC5-7649-16F81934AA00} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{881A5C23-96F5-9D86-B285-C0FC40116992} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{983D1105-2366-D1D5-E5DA-05F4CC5CDA8E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8D30C47-4510-9BB5-0432-574064529B27} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A97AC2A2-0659-AC43-72DB-D9D913C43C45} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CB83A090-647D-46EC-C087-3515DC944D17} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D476F3A0-4D6E-CAD1-1014-B290A1A15520} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DB26F49F-94D2-381B-21DE-2CF4D74E0AC6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE3AE878-C016-F46D-089A-80B24A7316D7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E738C459-A711-F262-AA4A-278418C66737} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAA00845-B10D-A53B-8771-FBD4916BCE85} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7C42564-EA95-5F04-2382-4C97CB847F28} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F9538E86-36EE-4A7E-6596-B6F8EAA229D9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkicjd5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkiggcpoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkyukajglo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkyumdpmap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfligldjaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfloeld5mfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmienc5idp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmigmczadp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmikpd5aeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmycpdzsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkoomczmgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkosnczcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkosoajclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkyulajmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjl4khczogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjliahdjkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjlokhajaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjloohcjako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjlowpdzoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjmiwhdzobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjnyoiajieo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjnyqocjkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup


::Report End


Finally, here is my HijackThis new log.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:12 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Brian\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

#4 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 18 May 2006 - 08:06 AM

Hello Royboy,

The logs appear to be clean. Please do the following. Be sure to update your Java so that you have the latest security patches installed.

======
Cleanmgr
To clean temporary files:
  • Go > start > run and type cleanmgr and click OK
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.
STEP 1.( Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 2.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 3.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malware...39eba6ea0b5e8ee

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update your Java to the latest version. Uninstall any and all versions you have listed in add/remove programs and install the latest version from here: http://www.java.com/en/

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • More info on how to prevent malware you can also find here (By Tony Klein)
    and here: http://wiki.castleco...nt_Re-infection
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#5 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 22 May 2006 - 07:14 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users