Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Safesurfing key logger/Traffic sector wont go away!!!

Unread postby italidesign » March 20th, 2006, 5:37 pm

I have Spybot, PestPatrol and Ad-Aware on my computer, and I have done the necessary scans with them. Each time I have scanned, deleted the files and rebooted... only for the magical green links to appear when I open IE, and the key loggers are back on the rescan!!! I've attached my HijackThis log and also my PestPatrol log... these buggers don't know how to give up! I need to take the head off instead of the limbs, if you catch my drift, because all they seem to do is come back every single time!!! Thanks guys so much!!!


Logfile of HijackThis v1.99.1
Scan saved at 4:27:54 PM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PestPatrol\PPMemCheck.exe
C:\PestPatrol\PPControl.exe
C:\PestPatrol\CookiePatrol.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Mom\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsm6B.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmldfw.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricoch ... Loader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyw ... der_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Pest Patrol Log

Scan of 03/20/2006 4:19:57 PM
Pests found: 6
Area scanned: C:
Volume Name:
File System Name: NTFS
Volume Serial No: 1680960057
Windows Version: Windows XP
Product Edition: Corporate
PestPatrol.exe: 12/27/2004 4.4.4.81
PPClean.exe: 03/17/2006 4.5.9.156
Pest Database: 03/17/2006
PestPatrolCL.exe: 12/15/2004 4.4.4.80

Pest: SafeSurfing
Pest Info: Category: Key Logger Release Date: 6/9/2005 0:00:00 Background Info: Click here
File Info: In File: C:\Documents and Settings\Michael\Local Settings\Temp\mndcntas.tmp PVT: 1980470481 MD5: 03f45e0b9f6a90cd604e4a511112eff2 Date: 02/12/2006 12:09:04 PM File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Liability Risk: Low. Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info: Category: Key Logger Release Date: 6/9/2005 0:00:00 Background Info: Click here
File Info: In File: C:\Documents and Settings\Mom\Local Settings\Temp\mndcntas.tmp PVT: 1980470481 MD5: 03f45e0b9f6a90cd604e4a511112eff2 Date: 03/16/2006 7:17:16 PM File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Liability Risk: Low. Advice: Delete
Action: Ignored
~~~
Pest: TrafficSector
Pest Info: Category: Browser Helper Object Author: http://www.trafficsector.com Release Date: 1/1/2005 0:00:00 Background Info: Click here
File Info: In File: C:\Documents and Settings\Mom\Local Settings\Temp\ts_b2search_0303.exe PVT: -636158537 MD5: 34cb9354f1d9d98ed6ed629c8e6408e0 Date: 03/17/2006 12:59:44 AM File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Liability Risk: Moderate - this file can be executed! Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info: Category: Key Logger Release Date: 6/9/2005 0:00:00 Background Info: Click here
File Info: In File: C:\WINDOWS\system32\irismon.dll PVT: 1679581175 MD5: 34b2b0f264ebfcbb379dba8ff75d681c Date: 03/16/2006 7:17:12 PM Company Name: File Description: irismon dll File Version: 1, 14, 0, 1 Internal Name: irismon.dll Legal Copyright: Copyright © 2005 Original Filename: irismon.dll Product Version: 1, 14, 0, 0 File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Liability Risk: Moderate - this file can be executed! Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info: Category: Key Logger Release Date: 6/9/2005 0:00:00 Background Info: Click here
File Info: In File: C:\WINDOWS\system32\irsmldfw.dll PVT: 912569897 MD5: 1fed856606b6cd003b4f95f23f97129c Date: 03/16/2006 7:17:14 PM File Description: RieMon Module File Version: 2, 18, 0, 3 Internal Name: RieMon Legal Copyright: RieMon LLC, Copyright 2005 Original Filename: RieMon.DLL Product Name: RieMon Module Product Version: 2, 18, 0, 0 File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Liability Risk: Moderate - this file can be executed! Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info: Category: Key Logger Release Date: 6/9/2005 0:00:00 Background Info: Click here
File Info: In File: C:\WINDOWS\system32\irssyncd.exe PVT: 1980470481 MD5: 03f45e0b9f6a90cd604e4a511112eff2 Date: 03/16/2006 7:17:16 PM File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed Threatens: Confidentiality, Integrity, Availability, Liability Risk: Moderate - this file can be executed! Advice: Delete
Action: Ignored
~~~
italidesign
Active Member
 
Posts: 3
Joined: March 20th, 2006, 5:32 pm

Unread postby SpotCheckBilly » March 20th, 2006, 9:40 pm

Hello italidesign,

Welcome to the MWR forums. 8)

Let's see if we can get you fixed up.

We need to temporarily disable Spybot S&D "Tea Timer" as it may interfere with the fix. Please do the following:

1. Run Spybot-S&D
2. Go to the Mode menu, and make sure "Advanced Mode" is selected
3. On the left hand side, choose Tools -> Resident
4. Uncheck "Resident TeaTimer" and OK any prompts.

Please download ATFCleaner by Atribune©

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox and/or Opera browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Note: For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download the NEW free version of Ewido Trojan Scanner
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck
    • "Install background guard"
    • "Install scan via context menu."
  • Launch ewido, there should be a big "E" icon on your desktop, double-click it.
  • The program will prompt you to update; click the "OK" button
  • The program will now go to the main screen

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
  • The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.

    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates

    Once the updates are installed do the following:
  • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run ewido.
  • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Click on scanner
  • Click on Settings
    • Under "How to scan" all boxes should be selected
    • Under "Possibly unwanted software" all boxes should be selected
    • Under "What to scan" select scan every file
    • Click OK
  • Click on Complete system scan
  • Let the program scan the machine
  • If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged. In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop
  • Exit ewido

Run HiJackThis and click "Scan", then check (tick) the following, if present:

R3 - Default URLSearchHook is missing

O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsm6B.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmldfw.dll (file missing)

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

With all windows closed except HiJackThis, click "Fix checked".

From "Safe Mode", (Reboot if necessary.) locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/ folders:

To show hidden files :

1. Click Start=>Control Panel=>Folder Options=>View tab.
2. Select "Show hidden files and folders"
3. Clear the check mark in "Hide protected operating system files"=>Yes to confirm.
4. Click Apply=>OK.
5. Close Control Panel.

folders...

C:\Program Files\Viewpoint

files...

C:\WINDOWS\system32\nsm6B.dll
C:\WINDOWS\system32\irismon.dll
C:\WINDOWS\system32\irsmldfw.dll
C:\WINDOWS\system32\irssyncd.exe

Note that some of these file(s) may not be present.

In your next reply, please include:
1. The results from the ewido scan.
2. A fresh HijackThis log.

SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN
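
A fresh log can be checked against a fix list like the one in the post above mechanically, instead of by eye. The following is an added example, not part of the original thread and not a feature of HijackThis; the function names are hypothetical, and the sample logs are short excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry line looks like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends this marker when the referenced file is not found;
# the registry entry is the same one either way, so drop it before comparing.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return the set of normalized (section, body) entries in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process path or blank line
        body = MISSING_RE.sub("", match.group(2))
        body = " ".join(body.split()).casefold()
        entries.add((match.group(1), body))
    return entries


def still_present(fix_list, fresh_log):
    """Entries from the fix list that the fresh log still contains."""
    fresh = parse_entries(fresh_log)
    return sorted(e for e in parse_entries(fix_list) if e in fresh)


def newly_added(old_log, fresh_log):
    """Entries in the fresh log that were absent from the earlier log."""
    return sorted(parse_entries(fresh_log) - parse_entries(old_log))


# The entries the helper asked to have fixed, copied from the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsm6B.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmldfw.dll (file missing)
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
"""

# Excerpt of the first log in this thread (shortened for the example).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsm6B.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmldfw.dll (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
"""

# Excerpt of the follow-up log in this thread (shortened for the example).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""

if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, FRESH_LOG)
    print("Flagged entries still present:", len(leftovers))
    for section, body in leftovers:
        print("  ", section, "-", body)
    print("Entries that appeared since the earlier log:")
    for section, body in newly_added(OLD_LOG, FRESH_LOG):
        print("  ", section, "-", body)
```

Entries reported as newly added are not necessarily malicious; they are simply the lines a reviewer has not yet seen and should read first.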

Unread postby italidesign » March 20th, 2006, 10:56 pm

ty for the warm welcome

Here are the results of the ewido scan:



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:37:22 PM, 3/20/2006
+ Report-Checksum: 4ED32383

+ Scan result:

C:\AgeOfCastles_Setup-dm.exe -> Adware.Trymedia : Cleaned with backup
C:\AntWar_Setup-dm.exe -> Adware.Trymedia : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j6mqksyl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Downloads\AntWar_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup


::Report End







HijackThis



Logfile of HijackThis v1.99.1
Scan saved at 9:53:52 PM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PestPatrol\PPMemCheck.exe
C:\PestPatrol\PPControl.exe
C:\PestPatrol\CookiePatrol.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mom\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricoch ... Loader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyw ... der_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
italidesign
Active Member
 
Posts: 3
Joined: March 20th, 2006, 5:32 pm

Unread postby SpotCheckBilly » March 21st, 2006, 4:31 am

Hello italidesign,

Things are looking pretty good. 8)

Run HiJackThis and click "Scan", then check (tick) the following, if present:

The following are OPTIONAL fixes. They are either known resource hogs or can be launched manually when needed. Disabling them may improve overall system performance.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


With all windows closed except HiJackThis, click "Fix checked".

The best news of all:

Congratulations! Your log looks clean - good work!

Below is my standard "Final Cleanup" and "All Clean" speech. Included in it are tips on how to keep your computer from being reinfected. They are simple to set up and simple to maintain, and I HIGHLY recommend that you follow them. (I use every one.)

Download, install and run Cleanup! from Steven Gould, then:

1. Click "Cleanup!"

(wait for the program to finish scanning your system, and selecting files to be removed.)

2. Exit the program and reboot the computer, if necessary.

For more information about using Cleanup! see here.

If everything is running ok, let's do the final cleanup...

1. Run "Disk Cleanup" and allow it to remove everything it finds.

2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.

Please skip this step:
3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". Follow on-screen prompts.

4. Disable, then reenable System Restore; with a reboot in-between. Then immediately create a new system restore point manually.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster => SpywareBlaster will prevent spyware from being installed.
  • Spywareguard => SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad => IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file => The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar => Get the free Google Toolbar to help stop pop up windows.
  • Use a Firewall => I can not stress enough how important it is that you use a Firewall on your computer. For an excellent article on Firewalls, why you should use one and some of those available, see Computer Safety On line - Software Firewalls. I recommend ZoneAlarm or Sunbelts Kerio. ZoneAlarm is more user-friendly, but Sunbelts Kerio is considered more secure.
  • UPDATE!-UPDATE!-UPDATE! => This is, without a doubt, THE MOST IMPORTANT element in keeping your computer free of malware. Keep each and every one of your anti-malware tools AND Windows up-to-date with all current definitions and patches.
I also suggest that you delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
  • C:\WINDOWS\Temp\--->Everything After the \.
  • C:\Temp\--->Everything After the \.
  • C:\Documents and Settings\username\Local Settings\Temp\--->Everything After the \.
  • Repeat for all users.
Also delete your Temporary Internet Files and use the ATFCleaner that you downloaded earlier to delete all of the cookies in Mozilla Firefox:
  • Click Start=>Control Panel=>Internet options.
  • Under the General tab.
  • Click Delete Files button.
  • Place a check-mark in Delete all off-line content.
  • Click OK=>OK
  • Exit Control Panel
  • Repeat for all users.
Empty the recycle bin:
  • Right-click the Recycle Bin icon on your desktop.
  • Select "Empty Recycle Bin".
  • Repeat for all users.
Note: You can also do the above steps using a program such as Cleanup! from Steven Gould or CCleaner. These steps should be done on a regular basis.

Also, please see: So how did I get infected in the first place?

If you have any other concerns, please don't hesitate to ask. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN
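
The "check (tick) the following, if present" step in the post above, as an added example that is not part of the original posts: a small Python parser for the HijackThis entry lines in this thread's log that confirms which of the helper's fix lines really are in the log and lists entries HijackThis printed without a resolved target or owner. The sample lines are copied from the posted log; the `ExampleAbsent` line and all function names are constructed for the illustration.

```python
import re

# Constructed sample: five entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
# Two of the helper's "tick if present" lines, plus one constructed line absent from the log.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE",
    r"O4 - HKLM\..\Run: [ExampleAbsent] C:\example\absent.exe",
]
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SHAPES = {  # body layouts of the autostart sections (O4, O23) seen in this log
    "run": re.compile(r"^(?P<where>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "startup": re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$"),
    "service": re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.*)$"),
}

def norm(line):  # collapse whitespace and case so forum copy/paste differences do not matter
    return " ".join(line.split()).casefold()

def parse_log(text):
    """Return one dict per entry line: code, kind, raw, plus parsed fields for autostarts."""
    entries = []
    for raw in map(str.strip, text.splitlines()):
        m = LINE.match(raw)
        if not m:
            continue  # header, running-process list or blank line
        hits = ((k, s.match(m["body"])) for k, s in SHAPES.items())
        kind, hit = next(((k, h) for k, h in hits if h), ("other", None))
        entries.append({"code": m["code"], "kind": kind, "raw": raw,
                        **(hit.groupdict() if hit else {})})
    return entries

def check_fix_list(entries, fix_lines):
    """Split the 'tick if present' lines into (present in the log, absent from the log)."""
    in_log = {norm(e["raw"]) for e in entries}
    return ([f for f in fix_lines if norm(f) in in_log],
            [f for f in fix_lines if norm(f) not in in_log])

def unresolved(entries):
    """Names of entries printed with '?' as the target or 'Unknown owner' as the vendor."""
    return [e["name"] for e in entries
            if e.get("target") == "?" or e.get("owner") == "Unknown owner"]
```

An entry returned by `unresolved` is only one that the log shows without a target or vendor; it is a prompt for manual review, not a verdict on the file.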

Unread postby italidesign » March 21st, 2006, 3:54 pm

Thank you so much for your help! You have saved my computer and my personal information!!!! Again, I can't thank you enough. I was gonna rebuild the whole thing over again.

Take care.

Unread postby SpotCheckBilly » March 21st, 2006, 5:51 pm

You are very welcome. 8) I'm glad that I could help. That's what we're here for. :wave:

SpotCheckBilly

Unread postby Nellie2 » March 21st, 2006, 6:26 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You do not have to be registered to post; just find your country room and register your complaint.
The infection you had was ......
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK