
Adware-Zeno Removal


Post by Paul W. » September 10th, 2007, 12:57 am

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-09-09, 23:04:34, Running scanner "C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\TSC.BIN"...
2007-09-09, 23:04:54, Scanner "C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\TSC.BIN" has finished running.
2007-09-09, 23:04:54, TSC Log:

2007-09-09, 23:06:02, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-09-09, 23:55:04, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2007 23:06:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 705 (224083 Patterns) (2007/09/07) (470500)
Command Line: C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro

C:\qoobox\Quarantine\C\Program Files\Windows NT\megeri22011.exe.vir [TROJ_DLOADER.NXG]
C:\qoobox\Quarantine\C\VundoFix Backups\awfxfctm.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\bmijorcq.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\cxrtwftf.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\dfsjfatn.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\dsrjjoew.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\hhtsxpwt.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\hiqdnkxu.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\hjuvkiwf.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\hojrhqig.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\igvrxele.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\jpjmonlr.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\kiqdjupe.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\njugxini.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\olgisait.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\ooosfsho.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\psmwtctu.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\pvmnkanm.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\qnkbfykc.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\rradbyxt.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\upbdtiis.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\ventxwdc.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\vxpicqcr.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\wbpofnjp.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\wftdhgtj.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\whpocxsl.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\wlilcthm.dll.bad.vir [TROJ_VUNDO.BBT]
C:\qoobox\Quarantine\C\VundoFix Backups\xqjeblro.dll.bad.vir [TROJ_VUNDO.BBT]
65922 files have been read.
65922 files have been checked.
59281 files have been scanned.
112350 files have been scanned. (including files in archived)
28 files containing viruses.
Found 28 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2007 23:55:04
---------*---------*---------*---------*---------*---------*---------*---------*
2007-09-09, 23:55:04, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2007 23:06:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 705 (224083 Patterns) (2007/09/07) (470500)
Command Line: C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro

Success Clean [TROJ_DLOADER.NXG]( 1) from C:\qoobox\Quarantine\C\Program Files\Windows NT\megeri22011.exe.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\awfxfctm.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\bmijorcq.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\cxrtwftf.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\dfsjfatn.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\dsrjjoew.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\hhtsxpwt.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\hiqdnkxu.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\hjuvkiwf.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\hojrhqig.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\igvrxele.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\jpjmonlr.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\kiqdjupe.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\njugxini.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\olgisait.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\ooosfsho.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\psmwtctu.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\pvmnkanm.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\qnkbfykc.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\rradbyxt.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\upbdtiis.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\ventxwdc.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\vxpicqcr.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\wbpofnjp.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\wftdhgtj.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\whpocxsl.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\wlilcthm.dll.bad.vir
Success Clean [ TROJ_VUNDO.BBT]( 1) from C:\qoobox\Quarantine\C\VundoFix Backups\xqjeblro.dll.bad.vir
65922 files have been read.
65922 files have been checked.
59281 files have been scanned.
112350 files have been scanned. (including files in archived)
28 files containing viruses.
Found 28 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2007 23:55:04 48 minutes 48 seconds (2928.33 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-09-09, 23:55:04, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/9/2007 23:06:15
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 705 (224083 Patterns) (2007/09/07) (470500)
Command Line: C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro

65922 files have been read.
65922 files have been checked.
59281 files have been scanned.
112350 files have been scanned. (including files in archived)
28 files containing viruses.
Found 28 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/9/2007 23:55:04 48 minutes 48 seconds (2928.33 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-09-09, 23:55:04, Scanner "C:\Documents and Settings\Paul Wills Sr\Desktop\Trend Micro\VSCANTM.BIN" has finished running.
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Post by ndmmxiaomayi » September 11th, 2007, 12:32 am

Hello Paul,

Please update your Adobe Reader as it is outdated.

Update Adobe Acrobat Reader

  1. Please uninstall Adobe Reader 7.0.9 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 7.0.9 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.

____________________

Uninstall previous versions of Java

Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java 2 Runtime Environment, SE v1.4.2_03 and click on Change/Remove to uninstall it.
____________________

Delete folder

Please delete this folder:

C:\qoobox
____________________

In your next reply, please post back a new HijackThis log and a summary of how your computer is performing now. :)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Paul W. » September 11th, 2007, 1:56 am

My computer is running fine now, Thank You Very Much. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:52:15 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Ad-Aware SE Plus
Adobe Reader 8.1.0
AIM 6.0
ATI Display Driver
AVG Anti-Spyware 7.5
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
getPlus(R)_ocx
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Post by ndmmxiaomayi » September 12th, 2007, 1:07 am

Hi Paul,

Please disable Lavasoft Ad-Watch temporarily as it may interfere with the fixes. You can re-enable it after your computer is clean.

  1. Right click on the Ad-Watch icon in the system tray (next to the clock).
  2. There will be two options called Active and Automatic.
  3. Uncheck (untick) both of these boxes.


Open HijackThis and select Do a system scan only.

Put a check (tick) next to this line: R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

Click Fix checked. Close HijackThis.

Please post back a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by Paul W. » September 12th, 2007, 2:44 am

Here it is. Thank you.


Logfile of HijackThis v1.99.1
Scan saved at 1:40:35 AM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=9a966111-ec8c-4369-be6c-74dd82ac6fe6
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Ad-Aware SE Plus
Adobe Reader 8.1.0
AIM 6.0
ATI Display Driver
AVG Anti-Spyware 7.5
Comcast Rhapsody
Comcast Toolbar
Creative MediaSource
Dell Driver Reset Tool
DellSupport
getPlus(R)_ocx
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 3600
hp deskjet 3600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Update
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 2
Macromedia Flash Player
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer 97
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch® Jukebox
Picture Package
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Encoders
Sony USB Driver
Sound Blaster Live! 24-bit
The Weather Channel Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby ndmmxiaomayi » September 12th, 2007, 10:09 am

Hello Paul,

Your logs look clean now. :)

Here are some tips to prevent a re-infection.

Re-enable Ad-Aware Ad-Watch

  1. Open Ad-Aware.
  2. Go to the Ad-Watch interface.
  3. Go to Tools and Options.
  4. At the bottom, you will see two options: Active and Automatic. Check (tick) these two boxes. Click OK to apply the settings.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click OK.
  5. Restart your computer.
After restarting your computer, follow these steps:

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Uncheck (untick) Turn off system restore on all drives box.
  4. Click OK.
  5. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, and revisit the Windows Update and Office Update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be
informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Java is another program that updates regularly to fix bugs and loopholes in it. Here are the instructions for updating Java:

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE). Click on Download.
  3. Select Accept License Agreement. The page will refresh.
  4. Click on Windows Offline Installation, Multi-language and save it to a convenient location.
  5. Run this installation to update your Java.
Remember to remove all previous versions of Java when you update it to a new version to prevent exploitation of the older versions left on your system.

Besides Windows and Java that need regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Make your Internet Explorer safer

For Internet Explorer 6

  1. Open Internet Explorer. Click on Tools > Options.
  2. Click on the Security tab.
  3. Click on the Internet icon.
  4. Click on the Custom Level button.
  5. Under Download signed ActiveX controls, select Prompt.
  6. Under Download unsigned ActiveX controls, select Disable.
  7. Under Initialize and script ActiveX controls not marked as safe, select Disable.
  8. Under Installation of desktop items, select Prompt.
  9. Under Launching programs and files in an IFRAME, select Prompt.
  10. Under Navigate sub-frames across different domains, select Prompt.
  11. Under Allow paste operations via script, select Disable.
  12. Click OK to apply these settings.
  13. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  14. Press OK to exit the Internet Properties page.
For a pictorial guide, please refer to this article.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.
  2. SpywareGuard
    Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spyware.

    You can download SpywareGuard from Javacool.

    If you need help in using SpywareGuard, you can read SpywareGuard's tutorial at Bleeping Computer.
  3. IE-SPYAD
    IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't run any scripts, and can't use downloads or cookies. However, you can still connect to these sites.

    You can download IE-SPYAD from Spyware Warrior. Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.

    Updates for IE-SPYAD can be found at Castlecops.
  4. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

    Updates for the Hosts File can be found at Castlecops.
  5. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. In addition, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.
  6. a-squared Free
    a-squared Free is also another program for scanning for spyware and adware. It doesn't have preventive features like Spybot Search & Destroy though.

    You can download a-squared Free from here.
  7. CounterSpy
    CounterSpy is pretty much like Spybot Search & Destroy, but it isn't free.
    You can try CounterSpy for 15 days.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs. This will save you from a lot of trouble. If in doubt, don't ever download it.
  8. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that potentially has lots of viruses or spyware, or that has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.
  9. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.


Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Firefox
Opera
K-Meleon

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
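The Hosts File tip in the post above relies on every blocking entry pointing at 127.0.0.1. As an added example (not part of the original post or any tool it names), this Python sketch audits a Hosts file and separates loopback "blocked" names from names mapped to any other address, which are worth reviewing by hand; the sample file and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample Hosts file (illustrative only, not taken from this thread).
# On Windows the real file lives at %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked
0.0.0.0         banner.example.org
203.0.113.7     www.example-bank.test    # points somewhere else
::1             localhost
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, raw address, parsed address or None, hostnames)."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                        # first field is not an IP
        yield lineno, fields[0], addr, fields[1:]


def audit_hosts(text):
    """Classify Hosts entries as blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw_addr, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append((lineno, raw_addr))
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 never leave the machine.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in names):
            if name in LOCAL_NAMES:
                continue                       # normal default entry
            if sink:
                report["blocked"].append(name)
            else:
                # A name mapped to a routable address is not a block entry.
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked names")
    for name, addr in result["redirected"]:
        print("REVIEW:", name, "->", addr)
    for lineno, raw_addr in result["malformed"]:
        print("MALFORMED line", lineno, ":", raw_addr)
```

To check a real file, read it with `open(path).read()` and pass the text to `audit_hosts`.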

Unread postby Paul W. » September 13th, 2007, 10:48 pm

Well it looks like I've got some reading to do. My computer is back to normal, thank you very much. I really appreciate all of your help.
Paul W.
Regular Member
 
Posts: 19
Joined: August 27th, 2007, 3:03 am
Location: Illinois

Unread postby askey127 » September 24th, 2007, 7:26 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread to avoid having the email deleted.

You can help support this site from this link:
Donations For Malware Removal
askey127
Admin/Teacher
 
Posts: 13897
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA