Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet Explorer has encountered a problem...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet Explorer has encountered a problem...

Unread postby EnderEd » September 26th, 2005, 11:08 am

I removed serious virus/spyware infections. Subsequent scans come up clean. But now, Internet Explorer continually crashes with a message box: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." It errors on ModName kernel32.dll. I've run the SFC and manually downloaded/updated IE patches, but still I get the error. Is there any hope before I re-install?
*************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:03:43 AM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7335159073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7501289458
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TWFya2ll\command.exe (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe" -service (file missing)
EnderEd
Active Member
 
Posts: 4
Joined: September 24th, 2005, 11:45 am
Advertisement
Register to Remove

Unread postby NonSuch » September 28th, 2005, 12:48 pm

Welcome to the forums, EnderEd! :)

Please print out the following instructions so you will have them readily at hand:

First we need to have you move HijckThis...

You are running HijackThis directly from the Desktop and it needs to be in a folder. Please create a new folder on the Desktop, name it HJT, HijackThis, or something similar. Then drag and drop HijackThis into that folder. Do this before you proceed further.

Close all programs leaving only HijackThis running. Place a check against the following, making sure you get only this one, and not any others by mistake:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TWFya2ll\command.exe (file missing)

Click on "Fix Checked" when finished and exit HijackThis.

Next, go to Start > Run and copy and paste the next commands in the field:

sc stop cmdService < Click OK >

sc delete cmdService < Click OK >

Reboot when finished.

Scan with HijackThis and post a fresh log into this same thread as there will be more to do.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby EnderEd » September 28th, 2005, 4:01 pm

OK-- thanks-- here's the new log:
*******************************
Logfile of HijackThis v1.99.1
Scan saved at 3:59:45 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\EdB\Desktop\HJT\HijackThis.exe
C:\WINNT\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7335159073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7501289458
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe" -service (file missing)
EnderEd
Active Member
 
Posts: 4
Joined: September 24th, 2005, 11:45 am

Unread postby NonSuch » September 28th, 2005, 9:20 pm

EnderEd,

Please print out the following instructions so you have them readily at hand while you're working in Safe Mode and unable to access the internet:

Please set your system to show all files; please see here if you're unsure how to do this.

First, download, install, and run CCleaner (so the scans won't take as long because CCleaner will clear out temporary files) *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on "Options" at the top of the window, then click on the "advanced" button. deselect "Only delete files in Windows Temp folders older than 48 hours." Click on "OK."
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

NOTE: It is extremely important that you run Ewido in Safe Mode.

Please download ewido Security Suite
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
  • Launch ewido, there should be a big "E" icon on your desktop, double-click it.
  • The program will prompt you to update click the "OK" button
  • The program will now go to the main screen

    You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start

    The update will start and a progress bar will show the updates being installed.
    After the updates are installed, exit ewido.

    Once the updates are installed do the following:
  • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run ewido.
  • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Click on scanner
  • Click on Settings
    • Under "How to scan" all boxes should be selected
    • Under "Possibly unwanted software" all boxes should be selected
    • Under "What to scan" select scan every file
    • Click OK
  • Click on Complete system scan
  • Let the program scan the machine
  • If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged. In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop


Remain in Safe Mode.

Using Windows Explorer, locate the following folder and, if found, delete it:

C:\WINNT\TWFya2ll\

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

Please post the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this same topic.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby EnderEd » September 28th, 2005, 11:08 pm

Thanks NonSuch--

I could not believe the number of infections found by ewido. As requested, log posted below along with the latest HJT. But when I tried to run ActiveScan, IE produced the same error message as what prompted my original post: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience."
***********************************************************
ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:56:56 PM, 9/28/2005
+ Report-Checksum: ABF70493

+ Scan result:

HKLM\SOFTWARE\Classes\AdultBar.AdultBar -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultBar.AdultBar\CLSID -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultBar.AdultBar\CLSID\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultBar.AdultBar\CurVer -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultBar.AdultBar.1 -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultBar.AdultBar.1\CLSID\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch\CLSID -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch\CLSID\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch\CurVer -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch.1 -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch.1\CLSID\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\bundle.BundleObj\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\bundle.BundleObj.1\CLSID\\ -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6}\TypeLib\\ -> Spyware.TX4 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E432263-6841-4653-8F02-366A2F77E339} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{447160CD-ECF5-4EA2-8A8A-1F70CA363F85} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF}\TypeLib\\ -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} -> Spyware.SideSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\HTMLEdit.IETracker\CLSID\\ -> Spyware.CommonName : Cleaned with backup
HKLM\SOFTWARE\Classes\HTMLEdit.IETracker.1\CLSID\\ -> Spyware.CommonName : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1B540D44-3F61-4394-AE30-25FDC3649405}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6D7D135E-F7C2-4A27-A87C-C0DFEB3A628F}\TypeLib\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6F59D850-A155-4930-98AE-689A2BC7B8E8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273}\TypeLib\\ -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1320CBB-403D-483D-AE9A-688960A96977} -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1320CBB-403D-483D-AE9A-688960A96977}\TypeLib\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8D96098-E9F7-42E1-88F3-A3719D70EA8D}\TypeLib\\ -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\POP.Loader\CLSID\\ -> Spyware.PeopleOnPage : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\QaBar -> Spyware.Adultlinks : Cleaned with backup
HKLM\SOFTWARE\Classes\QaBar\CLSID -> Spyware.Adultlinks : Cleaned with backup
HKLM\SOFTWARE\Classes\QaBar\CLSID\\ -> Spyware.AdultLinks : Cleaned with backup
HKLM\SOFTWARE\Classes\QaBar\CurVer -> Spyware.Adultlinks : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.AutoSearch\CLSID\\ -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.AutoSearch.1\CLSID\\ -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band\CLSID\\ -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band\CurVer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band.1 -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band.1\CLSID\\ -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CLSID\\ -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CurVer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler.1 -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler.1\CLSID\\ -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{2CF0B992-5EEB-4143-99C2-5297EF71F44B} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/anmqsrho.dll\\.Owner -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/anmqsrho.dll\\{52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9} -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/btiein.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PdpPlugin.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PdpPlugin.dll\\{731918D2-517A-47E2-886A-3BC1380C591D} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/rnmrnkoe.dll\\.Owner -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/rnmrnkoe.dll\\{912EE662-9BDF-DBCA-9FEC-CC133D477FFF} -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} -> Spyware.SideSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Security -> Spyware.CommonName : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Enum -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mynoe76m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mynoe76m.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Mark Leonardis\Application Data\Mozilla\Firefox\Profiles\e3j4cgcb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINNT\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI50.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASICLV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIEZ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIKAB2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIMBC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\WEBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\WEBS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ZNETGP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\gogotools.exe/SilentInstallW32.exe -> Spyware.GogoTools : Cleaned with backup
C:\WINNT\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\svcproc.exe -> Trojan.Stervis.i : Cleaned with backup
C:\WINNT\system32\aomparse.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\BO2202031216.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\bS_L.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINNT\system32\bS_L.dll/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\bS_L.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINNT\system32\bS_L.dll/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\ca.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINNT\system32\ca2.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINNT\system32\cdgbkend.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\coqujf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINNT\system32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
C:\WINNT\system32\cwgmgr32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\daquery.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\hwetwiz.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\iezset.exe -> Adware.eZula : Cleaned with backup
C:\WINNT\system32\ignet.dll -> TrojanDropper.Mudrop.w : Cleaned with backup
C:\WINNT\system32\ignet2.dll -> TrojanDropper.Mudrop.w : Cleaned with backup
C:\WINNT\system32\ihv6mon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\in5bCs.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\in5bCs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINNT\system32\in5bCs.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\in5bCs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINNT\system32\kddne.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\kvdsf.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mbbi8016.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\mcjter40.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mer2cenu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mpftedit.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mvvideo.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\naf2A.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSView.dll -> Trojan.KeyHost.e : Cleaned with backup
C:\WINNT\system32\nostalgia1.dll/MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINNT\system32\nstui2.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\nvtigf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINNT\system32\otethk32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pelmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pglstore.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pLqsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\QTBar.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\SHAgent.dll -> Adware.SAHA : Cleaned with backup
C:\WINNT\system32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\solgntfy.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\SWRT01.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINNT\system32\virsion.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\weatherb.dll -> TrojanDropper.Small.so : Cleaned with backup
C:\WINNT\system32\WinStat12.dll -> Spyware.Winsta : Cleaned with backup
C:\WINNT\system32\wjtdecod.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\wunsta.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\wzhtcpip.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\zergkmk.exe -> TrojanDownloader.Lastad.n : Cleaned with backup
C:\WINNT\ttil_sbc.exe -> Adware.eZula : Cleaned with backup
C:\WINNT\whxowgms.exe -> Spyware.BookedSpace : Cleaned with backup


::Report End
*************************************************************
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 11:08:00 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\EdB\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7335159073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7501289458
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe" -service (file missing)
EnderEd
Active Member
 
Posts: 4
Joined: September 24th, 2005, 11:45 am

Unread postby NonSuch » September 29th, 2005, 12:46 am

EnderEd,

That's truly a whopper of an ewido log! :D

Let's just make sure we have all the malware off your system, especially since you were unable to run the Panda ActiveScan. So, please make sure that your resident antivirus, avast! is updated with the latest virus definitions as you will be doing a scan with it.

As your original infection may have been related to one of the AIM viruses, I suggest you run a removal tool specifically developed for the removal of those particular viruses, some of which may not be revealed in a HijackThis log.

This link will take you to a site where you can download the removal tool AIM Fix...

http://www.jayloden.com/aimfix.htm

After you finish using the AimFix tool, please scan again with ewido to see if anything further is picked up. Be sure to check for updates prior to booting into Safe Mode as it is not unusual for ewido to update several times a day.

Next, after you've finished with the ewido scan, reboot (again in Safe Mode) and run your resident antivirus, avast!, being sure that you have it set to scan your hard disk, including all folders. Your scan mode should be "thorough." In addition, set it to scan archives and zipped files. Then let it scan (it may take quite a while) and remove all that it finds.

When you've finished, reboot into normal mode, scan with HijackThis and post a fresh log and the results of the ewido scan, if any. Please also let me know if avast! and/or the AIM Fix tool produced any results, and also how your system is now running.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby EnderEd » September 29th, 2005, 9:22 am

Thanks again NonSuch--

You are brilliant and tireless. As you'll see from the posted logs, the AimFix removed the load registry entry. Both ewido and avast scanned cleanly. Yet still, IE produces that error message even on WindowsUpdate pages. I am proceeding as I type with a WinXPHome overinstall.

Couple of questions your procedure raises: Is ewido the defacto virus scanner now? Are Avast and TrendMirco's scanners just not up to par (the two I originally used)? Was TWFya2ll an AIM infection? Whatever I had, it seemed to have been some kind of backdoor installer for a bunch of other spyware and trojans, yes?

Thanks again for all your help!

--EnderEd
*************************************************************
AIMFix:
1.3.831.2037


Setting security privileges for AIMfix...

Error setting SeDebug Privilege
First, closing any running copies of AOL Instant Messenger (aim.exe):

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

Registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load" removed

***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

***********************************************************
ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:48:57 AM, 9/29/2005
+ Report-Checksum: 8BC32A24

+ Scan result:

No infected objects found.


::Report End
************************************************************
AVast:
09/29/2005 08:50
Scan of all local drives

Number of searched folders: 3053
Number of tested files: 74555
Number of infected files: 0
************************************************************
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 9:13:22 AM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\atiptaxx.exe
C:\Documents and Settings\EdB\Desktop\HJT\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7335159073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7501289458
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - http://fdl.msn.com/public/investor/v11/investor.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe" -service (file missing)
EnderEd
Active Member
 
Posts: 4
Joined: September 24th, 2005, 11:45 am

Unread postby NonSuch » September 29th, 2005, 12:57 pm

EnderEd,

You're very welcome. :)

It appears that we've cleared the malware off your system. It's quite possible that the virus had done some damage along the way. The overinstall may be just the ticket to fix the error. Yes, TWFya2ll appears to have been an AIM infection and one that indeed brought in other malware, and a lot of it! :D

Ewido is a security suite that is compatible with your antivirus. For instance, I have ewido on one system, running alongside avast! antivirus and Kerio Personal Firewall. Although you cannot run two antivirus products together (avast! with Norton for example) without creating problems, some of which could be quite serious, ewido was made to be compatible with other products. See here for ewido's information on program compatibility: http://www.ewido.net/en/compatibility/. So, no it does not replace your antivirus product, it complements it.

Your HijackThis log is clean, please follow these simple steps in order to keep your computer clean and secure in the future:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For an article on firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby NonSuch » October 2nd, 2005, 12:29 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware