LeslieB
Anon
2005-Sep-22 8:45 am
HJT Log - Need to get rid of Aurora pop-ups

Our computer is plagued by aurora pop-ups (now "The Best Offer" - same animal just with different stripes). They seem to be getting more frequent and seem to know when I'm looking at security sites!

I did the following to try and fix the problem (in all cases checking for updates before running software):
1. Ran Norton - it reported no viruses.
2. Ran 2 AV scanners: TrendMicro's HouseCall reported and removed 5 spyware: spyw exctsear.a, awd widesearch.a, spyw aroundweb.a, adw minigolf.a, awd miway.e. McAfee found Adsquash.
3. Ran the 4 AS products. CWShredder found no cases of CoolWebSearch. AboutBuster also found nothing. Spybot, which I already use regularly, found the usual Aurora garbage and couldn't remove all problems. Most of the unremovables are similar to this: Hkey-local-machine\system\control...\services\svcproc
Ad-Aware (which I also use regularly) finds several critical objects and removes them, but when I re-run it (after reboot) it finds more critical problems.
4. Ran Ewido several times: here is the last run's log:
The bottom line is the $&*%( pop-ups are still here. Please, if anyone can help, I'll give you my first born!
The following is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:14:55 AM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\jknbdqh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
G:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\WINZIP\winzip32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [effhunu] C:\WINDOWS\system32\jknbdqh.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {CE9E88DD-FC6F-11D4-87EC-00B0D025628B} (SAS Graph v9) - http://www2.sas.com/codebase/graph/v9/sasgraph.exe
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4585/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Thank you, one and all.
LeslieB

John2g
Premium Member
2005-Sep-22 8:58 am
This should help you. The part dealing with nailfix is the part you need to follow.
» HJT Log, Major Infection

John2g
to LeslieB
This is almost certainly some malware.
C:\WINDOWS\system32\jknbdqh.exe
O4 - HKLM\..\Run: [effhunu] C:\WINDOWS\system32\jknbdqh.exe r

TheJoker
MVM
to LeslieB
John2g - the fix you referenced is old, there is a new fix that should take care of both the Nail infection, and the often difficult to remove Epolvy trojan that installs it (your second reply), and another infection that is often bundled.

LeslieB, BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, update Ewido Security Suite.
1. From the main ewido screen, click on update in the left menu, then click the Start update button.
2. After the update finishes (the status bar at the bottom will display "Update successful")

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well. Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal. You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again. When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

Now run Ewido again
1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
3. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

John2g
Premium Member
2005-Sep-22 10:41 am
Thank you. I'd not heard of the Epolvy trojan before. I now read that they are commonly linked.

LeslieB
Anon
2005-Sep-22 12:37 pm
to TheJoker
Thanks for answering so quickly. I did what you suggested.
When I ran Ad-Aware with the VX2 plug-in the first time there was one instance of vx2, after I rebooted and ran the smart system scan it found 33 criticals, 29 of those were VX2 related. The third time I ran it (Ad-Aware) it was clean! The following is the log from Ewido. As you can see I deleted 'abetterinternet' and 'trojan...' but not the other spyware cookies:
::Report End
Finally, here is my new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:26:13 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
TheJoker MVM join:2001-04-26 Charlottesville, VA
to LeslieB
Why keep the other tracking cookies? Those are for tracking, I would get rid of them if it was me, but they won't harm anything. If you decide to do that, just run Ewido again, and there would be no need to run it in Safe mode like before.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »red.clientapps.yahoo.com/customize/ie/..
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
You can optionally check the following entry. This is part of Microsoft Office located in your Startup folder, but it's not needed, and it's a resource hog:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Please restart your system, and post a new HijackThis log.
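The selection step in the post above, as an added example that is not part of the thread and is not HijackThis's own code: a Python triage helper that splits a HijackThis log into entries even when the line breaks were lost in a paste, and lists the entries HijackThis marked "(file missing)" or "(no file)" as candidates for review. The first six sample entries are the ones the helper lists above; the two "Example" entries are constructed, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Section codes that appear in this thread, with HijackThis's meaning for each.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button or Tools item",
    "O12": "IE plugin", "O16": "ActiveX (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify", "O23": "NT service",
}

# An entry starts with a section code followed by " - ". Requiring the code to
# sit at the start of the text or after whitespace keeps " - 1.lnk" inside a
# shortcut name from being mistaken for a new entry.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|O\d{1,2}) - ")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries from the helper's list, run together on one line, plus two
# constructed entries (marked "Example") that exercise the splitter.
SAMPLE = (
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 "
    r"O2 - BHO: (no name) - SOFTWARE - (no file) "
    r"O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing) "
    r"O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing) "
    r"O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll "
    r"O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing) "
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE "
    r"O4 - Global Startup: Example Device(model 1) - 1.lnk = C:\Program Files\Example\agent.exe"
)


def split_entries(text):
    """Return (code, body) pairs in log order, whether or not newlines survive."""
    marks = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = " ".join(text[m.end():end].split())  # normalise whitespace
        entries.append((m.group(1), body))
    return entries


def review_candidates(text):
    """Entries whose registration points at a file HijackThis could not find."""
    found = []
    for code, body in split_entries(text):
        if not ORPHAN.search(body):
            continue
        clsid = CLSID.search(body)
        found.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "entry": body,
        })
    return found


def registrations_by_clsid(candidates):
    """Group orphaned entries by CLSID: one missing file can be registered twice."""
    groups = defaultdict(list)
    for c in candidates:
        if c["clsid"]:
            groups[c["clsid"]].append(c["code"])
    return dict(groups)


if __name__ == "__main__":
    for c in review_candidates(SAMPLE):
        print(f'{c["code"]:>3}  {c["section"]:<24} {c["entry"]}')
    print(registrations_by_clsid(review_candidates(SAMPLE)))
```

A missing target is a reason to look at an entry, not a verdict on it; the output is a review list for a person to confirm.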
LeslieB
Anon
2005-Sep-23 8:12 am
I kept the cookies because, although I know what tracking cookies are, I did not know exactly who put them there. Actually, at that time I think I'd done one too many scans (some of which take hours) and was getting a bit loopy. However, I have since removed them and ran the HJT 'fix checked' job as you suggested. I'm keeping my fingers crossed, because I have seen no more unwanted pop-ups since running the VX2 Cleaner plug-in with Ad-Aware. So if you still want my first born.... No, really thank you, my family and I can't thank you enough.
One tiny question. I opened the program remover task on the control panel. The task "The Best Offers" is still there and still won't let me remove it unless I go to their web site and use their remover. Now I know sometimes I do dumb things like not removing tracking cookies, but I'm not THAT stupid. Any idea how to manually remove it and/or any thoughts that it may start up again since it's still sitting there.
Once again thank you,
Leslie
LeslieB
Anon
2005-Sep-23 8:19 am
I meant to attach my last log from HJT to my above message:
Logfile of HijackThis v1.99.1
Scan saved at 8:02:25 AM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
TheJoker MVM join:2001-04-26 Charlottesville, VA
to LeslieB
Congratulations, your HijackThis log is clean. All I see left is the uninstall entry for Best Offers that you mentioned, so let's get rid of that. Open HijackThis, and click the "Open the Misc Tools section" button, and in the window that opens, click the "Open Uninstall Manager" button. In the program list, find "Best Offers", left-click on it once, and then left-click the "Delete this entry" button. Ok your way out, and close HijackThis.

You need a software firewall. I didn't see one in your HijackThis log. Two free firewalls are Zone Alarm from zonelabs.com » www.zonelabs.com/store/c ··· load.jsp or Kerio Personal Firewall available from » www.kerio.com/us/kpf_home.html. There is a tutorial on understanding firewalls at » www.bleepingcomputer.com ··· l60.html.

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at » www.mvps.org/winhelp2002 ··· osts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at » netfiles.uiuc.edu/ehowes ··· #IESPYAD.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at » www.javacoolsoftware.com ··· cts.html.

I recommend reading Tony Klein's article How did I get Infected? at » www.computercops.biz/pos ··· 36-.html

Does your problem appear fixed?
LeslieB
Anon
2005-Sep-23 1:06 pm
Thanks again - that worked. And yes, I'm glad of your advice to install a software firewall. Once I fixed things, I intended to figure out how to prevent this happening again. It's been a long strange journey (For someone from UNIX land). First you're told to install something like Norton. Then Adaware and Spybot and let's not forget to clean up all the temp files so there's Cleanup! Then a problem like this occurs and you need all the utilities like ewido and cwshredder. I'm starting to think that half my PC will be devoted to protecting my PC.
But, at least my faith in humanity is being restored by people like you and the rest on this board! You don't by any chance have an aunt and uncle who just moved to VA?
UncleJesse to TheJoker
Anon
2005-Sep-25 11:17 pm
to TheJoker
Thanks Joker. I didn't have to ask the question and you've saved me hours of work already. You really have gone above and beyond for LeslieB so I just wanted you to know that it didn't stop there. Thanks again.

Flatey join:2005-12-02 Winnipeg, MB
to John2g
Hi, site noob here. I won't quote everything here though, but I just read Joker explain this. Now I'm just trying to understand it all. So... I'll just say that I've been having bandwidth problems, PC cillin didn't catch anything, and neither did microcraps antiSpyware for XP. So the first thing I did was scan with Microtrend HOUSECALL and came up with a pile of cookies and SPYW EXCTSEAR.A. So not knowing what this was, I got HouseCall to remove them all. So I did a search on that spyw exctsear.a and it gave me this site. So here I am.

Then I read through everything here and downloaded the following: ewido security suite, Adaware SE personal, CCleaner, Spybot S&D and HijackThis.

I've installed everything and only ran Adaware... I don't see the original file HouseCall removed. Couldn't update ewido for some reason after installing it. Showed no updates, so hopefully it's just the right version. So I'm guessing this is why I didn't see anything displayed as "Update Successful". Downloaded and installed Adaware with the VX2 Cleaner plug-in only after I'd already scanned once (think that's where I messed up already).

If I've already screwed up here... Can I get a little help in the right sequence so I can try again?... I don't wanna mess anything else up. If that's possible. Much appreciated folks. Bear with me. :inflateablesoulmate

John2g Qui Tacet Consentit Premium Member join:2001-08-10 England
John2g
Premium Member
2005-Dec-2 5:36 am
I didn't understand your post. If you have a problem with your computer, you should start here: » Security » I think my computer is infected or hijacked. What should I do?

Flatey join:2005-12-02 Winnipeg, MB
to LeslieB
Alright. Thanks. The only reason I started here is because when I first did a search on SPYW EXCTSEAR.A this thread was the only result. But I'll go check out noobland.