 |  |  |  |  |  |  |  |
help removing CiD. HijackThis log included.
Thread Solved |
•
•
Join Date: Oct 2005
Posts: 93
Reputation: 
Solved Threads: 13
Junior Poster in Training
Hi,
I've attached the two new logs.
==
ComboFix 08-02-22.2 - Sam 2008-02-23 9:00:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.196 [GMT 9:00]
Running from: C:\Documents and Settings\Sam\Desktop\un used icons\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sam\Desktop\un used icons\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\Tasks\A8584055931BFA3D.job
C:\WINDOWS\Tasks\A8C5D8A4918E52EC.job
C:\WINDOWS\Tasks\ABBB7ECE906CF7AA.job
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-16 14:17 . 2008-02-16 14:17 <DIR> d-------- C:\Free Chess
2008-02-02 14:51 . 2008-02-02 14:51 <DIR> d-------- C:\Program Files\Activision
2008-02-01 20:56 . 2008-02-01 20:56 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2008-02-01 20:56 . 2008-02-01 20:56 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-02-01 17:41 . 2008-02-01 17:41 <DIR> d-------- C:\Program Files\uTorrent
2008-02-01 17:40 . 2008-02-04 20:38 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2008-01-25 09:58 . 2008-01-25 09:58 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:12 --------- d-----w C:\Documents and Settings\Sam\Application Data\OpenOffice.org2
2008-02-22 23:39 --------- d-----w C:\Documents and Settings\Sam\Application Data\AVG7
2008-02-22 08:59 --------- d-----w C:\Program Files\REGSHAVE
2008-02-22 08:59 --------- d-----w C:\Program Files\MSN Messenger
2008-02-21 07:59 --------- d-----w C:\Documents and Settings\Sam\Application Data\LimeWire
2008-02-20 05:39 --------- d-----w C:\Program Files\LimeWire
2008-02-20 01:23 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\AVG7
2008-02-08 23:16 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\OpenOffice.org2
2008-02-07 04:59 --------- d-----w C:\Documents and Settings\Nadene\Application Data\OpenOffice.org2
2008-02-07 04:23 --------- d-----w C:\Documents and Settings\Nadene\Application Data\AVG7
2008-02-05 01:57 --------- d-----w C:\Program Files\Circle Developement
2008-02-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-03 01:01 --------- d-----w C:\Program Files\Google
2008-02-03 00:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 00:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 00:52 --------- d-----w C:\Documents and Settings\Sam\Application Data\Ahead
2008-02-01 11:56 --------- d-----w C:\Documents and Settings\Marley\Application Data\AVG7
2008-02-01 06:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-25 23:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 06:41 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\Apple Computer
2008-01-07 01:25 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2008-01-07 01:24 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-07 01:24 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-07 01:24 --------- d-----w C:\Program Files\Dcads Games Collection
2008-01-05 09:10 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\DataCast
2008-01-05 09:09 --------- d-----w C:\Program Files\Samsung
2008-01-05 09:09 --------- d-----w C:\Program Files\MarkAny
2008-01-05 09:08 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\InstallShield
2008-01-02 02:24 --------- d-----w C:\Program Files\FinePixViewer
2008-01-02 01:19 --------- d-----w C:\Program Files\Common Files\COWON
2008-01-02 01:19 --------- d-----w C:\Documents and Settings\Sam\Application Data\COWON
2007-12-29 12:13 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\COWON
2007-12-26 03:02 --------- d-----w C:\Program Files\Windows Live
2007-12-26 03:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-24 13:07 319,488 ----a-w C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-14 08:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-25 15:08 5674352]
"igndlm.exe"="G:\Program Files\Download Manager\DLM.exe" [2007-03-06 06:57 1103480]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"Picasa Media Detector"="G:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 08:17 421888]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-01 20:55 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-01 20:55 219136]
C:\Documents and Settings\silver moon rose\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 23:58:33 159744]
C:\Documents and Settings\Nadene\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-01 20:56 9216 C:\WINDOWS\system32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
--a------ 2001-10-11 09:14 28672 C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Update"=msnmsgr.exe
"SVX Control Service"=svxhost.exe
"srmclean"=C:\Cpqs\Scom\srmclean.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"WorksFUD"=
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Update"=msnmsgr.exe
"SVX Control Service"=svxhost.exe
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe [1997-05-15 00:49]
S3 ALN325;AcerLAN ALN-325 10/100M Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ALN325.SYS [1999-12-15 10:33]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 01:26:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 06:01:33 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 09:10:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2008-02-23 9:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 00:16:53
ComboFix2.txt 2008-02-22 09:13:25
ComboFix3.txt 2008-02-09 00:59:13
.
2008-02-16 03:08:55 --- E O F ---
=======
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:14 AM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\explorer.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Picasa Media Detector] G:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] G:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93380751-1D9B-49E2-82A1-C631AAE53035}: NameServer = 61.88.88.88,192.65.91.129
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
--
End of file - 7031 bytes
I've attached the two new logs.
==
ComboFix 08-02-22.2 - Sam 2008-02-23 9:00:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.196 [GMT 9:00]
Running from: C:\Documents and Settings\Sam\Desktop\un used icons\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sam\Desktop\un used icons\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\Tasks\A8584055931BFA3D.job
C:\WINDOWS\Tasks\A8C5D8A4918E52EC.job
C:\WINDOWS\Tasks\ABBB7ECE906CF7AA.job
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-16 14:17 . 2008-02-16 14:17 <DIR> d-------- C:\Free Chess
2008-02-02 14:51 . 2008-02-02 14:51 <DIR> d-------- C:\Program Files\Activision
2008-02-01 20:56 . 2008-02-01 20:56 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2008-02-01 20:56 . 2008-02-01 20:56 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-02-01 17:41 . 2008-02-01 17:41 <DIR> d-------- C:\Program Files\uTorrent
2008-02-01 17:40 . 2008-02-04 20:38 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2008-01-25 09:58 . 2008-01-25 09:58 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:12 --------- d-----w C:\Documents and Settings\Sam\Application Data\OpenOffice.org2
2008-02-22 23:39 --------- d-----w C:\Documents and Settings\Sam\Application Data\AVG7
2008-02-22 08:59 --------- d-----w C:\Program Files\REGSHAVE
2008-02-22 08:59 --------- d-----w C:\Program Files\MSN Messenger
2008-02-21 07:59 --------- d-----w C:\Documents and Settings\Sam\Application Data\LimeWire
2008-02-20 05:39 --------- d-----w C:\Program Files\LimeWire
2008-02-20 01:23 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\AVG7
2008-02-08 23:16 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-08 11:31 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\OpenOffice.org2
2008-02-07 04:59 --------- d-----w C:\Documents and Settings\Nadene\Application Data\OpenOffice.org2
2008-02-07 04:23 --------- d-----w C:\Documents and Settings\Nadene\Application Data\AVG7
2008-02-05 01:57 --------- d-----w C:\Program Files\Circle Developement
2008-02-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-03 01:01 --------- d-----w C:\Program Files\Google
2008-02-03 00:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 00:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 00:52 --------- d-----w C:\Documents and Settings\Sam\Application Data\Ahead
2008-02-01 11:56 --------- d-----w C:\Documents and Settings\Marley\Application Data\AVG7
2008-02-01 06:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-25 23:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 06:41 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\Apple Computer
2008-01-07 01:25 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2008-01-07 01:24 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-07 01:24 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-07 01:24 --------- d-----w C:\Program Files\Dcads Games Collection
2008-01-05 09:10 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\DataCast
2008-01-05 09:09 --------- d-----w C:\Program Files\Samsung
2008-01-05 09:09 --------- d-----w C:\Program Files\MarkAny
2008-01-05 09:08 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\InstallShield
2008-01-02 02:24 --------- d-----w C:\Program Files\FinePixViewer
2008-01-02 01:19 --------- d-----w C:\Program Files\Common Files\COWON
2008-01-02 01:19 --------- d-----w C:\Documents and Settings\Sam\Application Data\COWON
2007-12-29 12:13 --------- d-----w C:\Documents and Settings\silver moon rose\Application Data\COWON
2007-12-26 03:02 --------- d-----w C:\Program Files\Windows Live
2007-12-26 03:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-24 13:07 319,488 ----a-w C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-14 08:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-25 15:08 5674352]
"igndlm.exe"="G:\Program Files\Download Manager\DLM.exe" [2007-03-06 06:57 1103480]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"Picasa Media Detector"="G:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 08:17 421888]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-01 20:55 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-01 20:55 219136]
C:\Documents and Settings\silver moon rose\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 23:58:33 159744]
C:\Documents and Settings\Nadene\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-01 20:56 9216 C:\WINDOWS\system32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
--a------ 2001-10-11 09:14 28672 C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Update"=msnmsgr.exe
"SVX Control Service"=svxhost.exe
"srmclean"=C:\Cpqs\Scom\srmclean.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"WorksFUD"=
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Update"=msnmsgr.exe
"SVX Control Service"=svxhost.exe
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe [1997-05-15 00:49]
S3 ALN325;AcerLAN ALN-325 10/100M Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ALN325.SYS [1999-12-15 10:33]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 01:26:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 06:01:33 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 09:10:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2008-02-23 9:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 00:16:53
ComboFix2.txt 2008-02-22 09:13:25
ComboFix3.txt 2008-02-09 00:59:13
.
2008-02-16 03:08:55 --- E O F ---
=======
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:14 AM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\explorer.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Picasa Media Detector] G:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] G:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93380751-1D9B-49E2-82A1-C631AAE53035}: NameServer = 61.88.88.88,192.65.91.129
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
--
End of file - 7031 bytes
Last edited by crunchie; Mar 3rd, 2008 at 12:39 am. Reason: Paste logs into reply.
•
•
Join Date: Feb 2004
Posts: 10,106
Reputation: 
Solved Threads: 767
How is the pc now? Log looks ok to me.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Oct 2005
Posts: 93
Reputation:
Solved Threads: 13
Junior Poster in Training
Thanks for all that, he's been using the computer for a while now with no pop ups or anything like that so the problem seems to be fixed.
Thanks for your expertise on the subject,
Ben
Thanks for your expertise on the subject,
Ben
•
•
Join Date: Feb 2004
Posts: 10,106
Reputation:
Solved Threads: 767
You are welcome 
.
Let's get rid of Combofix now that we are finished with it.
The above procedure will:
==
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Download CCleaner and install, then run it. It will clear out your temp folders.
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.
Install and keep updated, AVG anti-spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start | Run and type msconfig and press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
.Let's get rid of Combofix now that we are finished with it.
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
==
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Download CCleaner and install, then run it. It will clear out your temp folders.
- Uncheck "Cookies" under "Internet Explorer".
- Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
- Close when finished.
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.
Install and keep updated, AVG anti-spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start | Run and type msconfig and press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
 |
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Virus (maybe trojan) is blocking login to Windows (even Safe Mode)
- Next Thread: IE keeps opening own it's own
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial conficker connect control cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch pdf police policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting report research rogueantivirus rootkit samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista vulnerability war warning windows worm yahoo zero-day zeroday
