Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HJT LOg

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HJT LOg

Unread postby jasonbuchanan83 » January 8th, 2007, 5:00 pm

Sorry this is a repost i don't know if I did this right the first time....i'm getting messenger service pop ups saying my registry is infected. they come 2 or 3 every 5-10 minutes

running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2433963400
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm
Advertisement
Register to Remove

Unread postby Navigator » January 8th, 2007, 8:52 pm

Hello jason...welcome to malware removal!

You cut off the 'top' portion of the HJT log which contains some important system information...please make sure all future HJT logs you post are complete.

I do not see anything particularly bothersome in your HJT log....can you give me more information about the 'warnings' such as from what site they are coming from or any other information?

Sometimes malware can hide from HJT...so let's do this:

Navigate to this file in Windows explorer by right-clicking start and selecting explore...then navigate to this file: C:\Program Files\HijackThis\HijackThis.exe and right-click on it to select it, and chose rename. Rename the file to analyzethis.exe.

After renaming the file, double-click on it to run the 'renamed' HJT program and produce a log...copy and paste it here in your next reply...this will tell us if the malware is 'hiding' from HJT.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby jasonbuchanan83 » January 9th, 2007, 12:24 am

thank you for your help.....

Logfile of HijackThis v1.99.1
Scan saved at 10:23:10 PM, on 1/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\analyzethis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2433963400
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby jasonbuchanan83 » January 9th, 2007, 12:28 am

The messages come in a box from "messenger service" that reads: your computer may be at risk, or your computer has been infected, etc....they always list a website for me to go to such as msreg.com,winreg.com etc.....
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby Navigator » January 9th, 2007, 12:48 am

I still do not see any evidence of malware in your log....

This sounds like a Windows Messenger security vulnerabilty, which is turned off automatically with the SP2 upgrade (which you do not have installed....yet).

To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service.

    1. Click Start->Settings ->Control Panel
    2. Click Administrative Tools
    3. Double click Services
    4. Scroll down and highlight "Messenger"
    5. Right-click the highlighted line and choose Properties
    6. Click the STOP button
    7. Select Disable or Manual in the Startup Type scroll bar Click OK


See if this works...post back and let me know how things are going...we will need to upgrade to SP2 at the least.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby jasonbuchanan83 » January 9th, 2007, 1:29 am

I did that and we will see what happens in a few...what is the "daemon???" in my registry....
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby Navigator » January 9th, 2007, 9:56 am

jasonbuchanan83 wrote:I did that and we will see what happens in a few...what is the "daemon???" in my registry....


I have no idea...you'll have to be much more specific with information about the registry entry.

Have the security warnings stopped?

We need to get your Windows XP updated to SP2, but we should make sure your computer is 'clean' before we do that...I believe it is, based on the HJT log, but let's check an online scan to see what it finds, update your Java and look at an unistall list too:

1. Update Java and Remove old Java Versions
  • Download the latest version of Java Runtime Environment (JRE) 6.<== scroll down the list to find THIS entry
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:
  • Close any programs you may have running - especially your web browser.
  • Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
Install latest Java Version:
  • From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.

2. Open HijackThis, click Open Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

3. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby jasonbuchanan83 » January 9th, 2007, 11:57 am

I'm not getting anymore popups but i'm still going to follow your directions.....
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby jasonbuchanan83 » January 9th, 2007, 12:17 pm

1Click DVD Copy Pro 2.1.0.5
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AnyDVD
AppCore
AV
BitTorrent 5.0.1
ccCommon
Comcast High-Speed Internet Install Wizard
Creative MediaSource
Creative Zen Touch
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
EuroTalk Talk Now Plus!
GdiplusUpgrade
Google Earth
HarryThompson.com - Webjal Patcher
HijackThis 1.99.1
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
InterActual Player
Java(TM) SE Runtime Environment 6
LimeWire 4.10.9
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft ActiveSync 3.8
Microsoft Office 2000 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
MSRedist
Nero Suite
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
PCI Audio Driver
Philips PSC705 V1.89 Update Driver (ENG)
PowerDVD
PureEdge Viewer 6.5
QuickTime
Roxio Easy Media Creator 7 Basic VCD Edition
SPBBC 32bit
SureThing CD Labeler 4 SE
SymNet
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB822603
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

here u go

Unread postby jasonbuchanan83 » January 9th, 2007, 3:05 pm

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@azjmp[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@realmedia[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Elexia\Cookies\elexia@tribalfusion[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Guest\Cookies\guest@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Guest\Cookies\guest@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Guest\Cookies\guest@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Cookies\guest@c5.zedo[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Guest\Cookies\guest@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Guest\Cookies\guest@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jason\Cookies\jason@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Cookies\jason@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jason\Cookies\jason@bs.serving-sys[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ccbill[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Cookies\jason@ehg-dig.hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jason\Cookies\jason@microsoftwga.112.2o7[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Cookies\jason@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jason\Cookies\jason@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jason\Cookies\jason@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jason\Cookies\jason@statse.webtrendslive[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jason\Cookies\jason@target[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason\Cookies\jason@zedo[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Local Settings\Temp\Cookies\jason@atdmt[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16F.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq170.tmp
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq173.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq174.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq175.tmp
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq176.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq593B.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq593C.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq593D.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq593E.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq593F.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5940.tmp
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby Navigator » January 9th, 2007, 11:30 pm

Hello again jason....

OK....All Panda found were some cookies which we will clean/delete in a minute, and I don't see much in the uninstall list except for the P2P/file sharing applications. Since your computer now appears to be clean, you really should update WindowsXP to SP2.

1. While it is not my place to tell you what to do, you have P2P/file sharing programs installed on your computer. P2p apps like it are the largest source of malware we see. Some of the programs come bundled with malware, and others invite it onto your system when downloading. You'll be doing yourself a favor by removing them.

References for the risk of these programs are here: http://www.microsoft.com/windows/ie/com ... ction.mspx here: http://www.techweb.com/wire/160500554 and here: http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire and Bit Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

2. Clear IE's Cookies and Cache

  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.

Clear Firefox' Cookies

  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.

Clean Temporary Files

  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C: ) and then click OK.
  • Make sure these are the only ones that are checked :

    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.


3. Go here, follow hte directions and update your OS with the latest security patches...without SP2, you are more vulnerable to infection/security threats:

http://www.microsoft.com/windowsxp/sp2/default.mspx

After the above, let me know that all is still well with your system and we can finish up.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby jasonbuchanan83 » January 9th, 2007, 11:56 pm

everything is well :lol:
jasonbuchanan83
Active Member
 
Posts: 9
Joined: January 8th, 2007, 4:40 pm

Unread postby Navigator » January 10th, 2007, 12:01 am

jasonbuchanan83 wrote:everything is well :lol:


Great! :D

Your HJT appears clean and I'm glad your system is running well with out problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • THIS IS IMPORTANT! - If you are using Windows XP then you should reset system restore to make sure there are no infected files found in a restore point and that you have a clean restore point should you need one!

    Now let's reset your restore points.

    Click Start Menu >> All Programs >> Accessories >> System Tools >> SystemRestore

    Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'.

    Next go to Start Menu >> Run, then type:

    cleanmgr


    click OK, when Disk Cleanup opens go to the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy- Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. These are excellent reads too: I'm not pulling your leg and Malware: Preventing the Infection



Remember...be careful out there!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby NonSuch » January 22nd, 2007, 1:51 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware