Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan and pop-ups

Post by Myriddan » December 11th, 2005, 11:45 pm

Yes, there are multiple accounts on my computer.
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Post by AndyAtHull » December 12th, 2005, 7:24 am

If one has the Administrator rights, log into that. Then continue with the fix please :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by Myriddan » December 12th, 2005, 1:12 pm

Logfile of HijackThis v1.99.1
Scan saved at 9:10:57 AM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\Programs\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1133491950\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133491950\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3998590875
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/fil ... ImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/file ... ImgVwr.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


3 Dragons
A Flight Of The Dragons
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0
AirPlus XtremeG
America Online (Choose which version to remove)
ANIO Service
ANIWZCS2 Service
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller
ArcSoft Multimedia Email
ArcSoft PhotoImpression 5
Baldur's Gate
Baldur's Gate(TM) II - Shadows of Amn(TM)
Browser Mouse Browser Mouse 1.0
Call of Duty Game of the Year Edition
CCleaner (remove only)
Command & Conquer Generals
Creative WebCam Center
Creative WebCam Live! Driver (1.00.06.0414)
Curator Defense
Dell | Support
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Deus Ex
Diablo
Diablo II
DivX
Doom 3 DVD
EA SPORTS online 2004
Easy CD Creator 5 Basic
EAX(tm) Unified (SHELL)
Empire Earth II
ewido security suite
Final Fantasy VII
Final Fantasy VII XP Patch
FINAL FANTASY VIII
GetRight
Half-Life(R) 2
HAM
HAM 3.0
Heroes II Gold
Heroes of Might and Magic®
Heroes of Might and Magic® III
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
HP LaserJet 1100
HyperLoad
Icewind Dale
Icewind Dale II
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kaspersky On-line Scanner
Kazaa Media Desktop 2.0
Knights Of Honor
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Lucent Win Modem
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee SecurityCenter
McAfee VirusScan
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Excel 97
Microsoft Halo
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Word 97
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Morrowind
Mozilla Firefox (1.5)
MSN Gaming Zone
MSN Messenger 7.0
MSXML 4.0 SP2 Parser and SDK
MVP Baseball 2004
Need for Speed Underground 2
Need for Speed™ Most Wanted
Nero Suite
Neverwinter Nights
NVDVD
NVIDIA Drivers
Panda ActiveScan
PCSpim
PhoneTools
PowerCrypt 2000
PowerCrypt 2000 (C:\Program Files\PowerCrypt 2000\)
Pure Networks Port Magic
Quake 4(TM)
QuickTime
RealPlayer
Risk
RollerCoaster Tycoon® 3
RPG World Online Client
Runtime Files Pack 3
SD4Blocker for speed
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shattered Galaxy
Shattered Galaxy 1.74
Shockwave
Sid Meier's Civilization 4
Sierra On-Line Games (Remove only)
Snood for Windows version 3.52-W
Sound Blaster Live! Value
Sound Blaster Live! Web 2K/XP
Spybot - Search & Destroy 1.4
Star Wars Republic Commando
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
SWAT 4
TES Construction Set
Thief:The Dark Project
Tom Clancy's Rainbow Six
Tom Clancy's Rainbow Six: Eagle Watch
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Ventrilo Client
Viewpoint Media Player
Visual Basic 4 Runtime Files
VR Baseball 2000
Warlords Battlecry
Windows Blaster Worm Removal Tool (KB833330)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Sasser Worm Removal Tool (KB841720)
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
XBBURN (remove only)
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Post by Myriddan » December 12th, 2005, 1:12 pm

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, December 12, 2005 09:04:09
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/12/2005
Kaspersky Anti-Virus database records: 164559
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 209033
Number of viruses found: 7
Number of infected objects: 119
Number of suspicious objects: 1
Duration of the scan process: 13909 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Alicia\Local Settings\Temporary Internet Files\Content.IE5\GTQVWLYR\deliver46860[1].html Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\6JKCMWOG\11[2] Infected: Trojan-Clicker.JS.Linker.j
C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].html Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].php/packed Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].php Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256604.exe.bac_a04092 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256608.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256609.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256610.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256611.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256612.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256613.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256614.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256615.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256616.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256617.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256618.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256619.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256620.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256621.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256622.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256623.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256624.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256625.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256626.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256627.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256628.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256629.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256630.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256631.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256632.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256633.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256634.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256635.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256636.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256637.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256638.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256639.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256640.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256641.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256642.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256643.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256644.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256645.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256646.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256647.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256648.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256649.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256650.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256651.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256652.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256653.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256654.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256655.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256656.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256657.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256658.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256659.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256660.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256661.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256662.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256663.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256664.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256665.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256666.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256667.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256668.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256669.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256670.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256671.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256672.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256673.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256674.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256675.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256676.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256677.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256678.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256679.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256680.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256681.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256682.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256683.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256684.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256685.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256686.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256687.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256688.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256689.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256690.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256691.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256692.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256693.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256694.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256695.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256696.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256697.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256698.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256699.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256700.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256701.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256702.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256703.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256704.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256705.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256706.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256707.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256708.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256709.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256710.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256711.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256712.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256713.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256714.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256715.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256716.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256717.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\A0256718.dll.bac_a04092 Infected: Trojan-Downloader.Win32.Delf.zu
C:\Documents and Settings\Eric\.housecall\Quarantine\init[1].js.bac_a04092 Infected: Trojan-Downloader.JS.IstBar.af
C:\Program Files\GetRight\getrt45d.exe/WISE0087.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050
C:\Program Files\GetRight\getrt45d.exe Infected: not-a-virus:AdWare.Win32.Gator.1050

Scan process completed.
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby Myriddan » December 12th, 2005, 1:13 pm

All the accounts on my computer have admin rights
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby AndyAtHull » December 12th, 2005, 8:42 pm

Thanks Myriddan for the logs,

After reviewing the uninstall list, I can see the problem as to why your computer may be running slow. There are several installations that do not need to be there. Also I can see that you have a few games on your system. This is not bad as it does not cause infections. But it does cause your system to slow down a lot. That is the main reason why you are experiencing this. All I can recommend is for you to decide yourself what games and other applications you want to remove. Of course you don't have to. For example, you have Final Fantasy 7 and 8, and Heroes of Might and Magic® 1 and 3. Multiple installations will cause slowdown.

I would however uninstall the following from Add/Remove, as they are not needed
(Be careful what you uninstall, as it may catch you out. Read the names carefully)

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment Standard Edition v1.3.1_04


I would recommend removing this as it's P2P and shareware.

Kazaa Media Desktop 2.0
GetRight

Please note that as long as you're using any form of peer-to-peer networking and downloading files from non-documented sources, the cleanliness of which has not been verified, you can expect infestations of malware to occur. This has not always been the case, and once upon a time was fairly safe. This can no longer be said for peer-to-peer filesharing. You may continue to do so at your own risk but cannot rely upon someone always being able to clean up your system and bail you out of trouble. This practice is in all probability the source of your current malware infestation. For comprehensive information and comparisons of P2P programs, you may want to read this linked information:

http://www.benedelman.org/spyware/p2p/


----------

Reveal Hidden Files

  1. Click Start.
  2. Open My Computer.
  3. Select Tools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and folders in the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.

----------

Looking at the KAV scan nothing major to report back at other than removing a few files.

1. Navigate to C:\Documents and Settings\Eric\.housecall\Quarantine. In Quarantine, delete every file other than the folder itself.

2. Delete all the files in RED:

Navigate to:

* C:\Documents and Settings\Alicia\Local Settings\Temporary Internet Files\Content.IE5\GTQVWLYR\deliver46860[1].html
* C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\6JKCMWOG\11[2]
* C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].html
* C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].php/packed
* C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].php

----------

Update Ewido:

1. You will need to update ewido to the latest definition files:

* On the left hand side of the main screen click update.
* Then click on Start Update.

2. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

Do not run yet.

----------

If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Click Proceed.

3) To start the scan, Click > "Scan Now" at left

  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"

Do not perform an Adware scan yet

----------

If you already have Spybot S&D, please configure it as indicated below. If you have a previous version of SpyBot, please uninstall your current version and install the newest version 1.4

Setting up Spybot S&D

1. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
2. Close ALL windows except Spybot S&D
3. Click the button to 'Search for Updates' then download and install the Updates.
4. Next click the button 'Check for Problems'
5. When Spybot is complete, it will be showing 'RED' entries, bold 'Black' entries and 'GREEN' entries in the window.
6. Make certain there is a check mark beside all of the RED entries ONLY.
7. Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.
8. REBOOT to complete the scan and clear memory.

Then open up Spybot and click on recovery. Select any items in there and click on Purge selected items then click ok when asked to.

----------

Run Ccleaner

1. Double click the CCleaner shortcut on the desktop to start the program.
2. On the "Windows" tab, under "Internet Explorer", uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
3. If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
4. Click on "Options" at the top of the window, then click on the "advanced" button.
5. Deselect "Only delete files in Windows Temp folders older than 48 hours". Click on "OK".
6. Click Run Cleaner to run the program.

Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

After CCleaner has completed its process, click Exit.

----------

Please disconnect from the Internet and unplug your modem for the duration of this fix

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in Safe Mode.

----------

Only if you decided to uninstall Kazaa or Getright can you follow this. Start HJT and check the following:

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

With no other windows open other than HJT, click on Fix.

----------

If you uninstalled Kazaa and GetRight, delete the following folders in RED too:

* C:\Program Files\GetRight
* C:\Program Files\Kazaa Media Desktop 2.0

----------

Staying in safe mode, with no other windows open, please run Ewido

1. Click on scanner.
2. Click on Complete System Scan, the scan will now begin.
3. While the scan is in progress you will be prompted to clean files, click OK.
4. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
5. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
6. Click Save Report.
7. Now save the report .txt file to your desktop.

Please note that you should leave the computer alone when Ewido is scanning until it is finished

----------

Open up Lavasoft Adware in safe mode

  • Select Scan Now then "Perform full system scan"
  • Click Next

4) When the scan has completed, select Next.

  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer

----------

In your next reply I would like:

A fresh HJT log
A new Ewido log.
Also let me know how your computer is running etc. :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby Myriddan » December 12th, 2005, 9:06 pm

Could not locate this file: * C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\T047H5ST\protect[1].php/packed

Also Kazaa I uninstalled before but it didn't completely uninstall and Getright won't uninstall because the log file is incorrect
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby Myriddan » December 12th, 2005, 9:19 pm

Was able to uninstall getright...also all the games I have installed are on my external hard drive, I don't think they are causing my system to be slower than normal...but I could check by turning it off
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby AndyAtHull » December 12th, 2005, 9:50 pm

/Edit.

You may want to print out these instructions or save them as a text file with Notepad to your desktop. You might not be able to access the Internet. Read these instructions carefully and feel free to ask if you're unsure about something

Download LSPfix in case you should lose your internet connection; however, this is unlikely to occur as you are not infected with New.Net, WebHancer and/or CommonName. It is usually the removal of those infections in conjunction with using Kazaa Begone that may cause an internet connection to be lost.

http://www.malwareremoval.com/downloads.html Option 12.

Download it to your desktop and extract it to a new folder called lspfix. Only use when your internet connection is lost.

----------

For removing all traces of Kazaa, go to the link below, scroll almost to the bottom of the page, and click on the link to download Kazaa Begone, a tool developed by Merijn Bellekom, the creator of HijackThis and CWShredder.

http://www.spywareinfo.com/~merijn/downloads.html

Download it to your desktop and extract it to a new folder called kazaabegone. Then make sure your internet connection is off and your modem is unplugged and run the exe in the kazaabegone folder. Select the bottom option, Search and Destroy all components and click GO

Then please continue with the scans and post me a fresh HJT log and Ewido log :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby Myriddan » December 13th, 2005, 7:02 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:00:04 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLServiceHost.exe
c:\program files\common files\aol\1133491950\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133491950\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3998590875
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/fil ... ImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/file ... ImgVwr.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:43:32 PM, 12/13/2005
+ Report-Checksum: EC29CAB5

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning


::Report End

Computer seems to be running a bit faster
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am
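
The triage a helper does by eye on an Ewido report like the one in this post, as an added example that is not part of the original thread: it parses the `<object> -> <detection> : <status>` lines, separates what the scanner cleaned from what it could not, and collapses failed registry keys to their topmost key. The sample input is a shortened excerpt in the report's format; treating any status that does not start with "Cleaned" as unresolved is an assumption of this example.

```python
import re
from collections import Counter, namedtuple

# Shortened excerpt in the format of the Ewido report posted in this thread.
SAMPLE_REPORT = r"""
+ Created on: 1:43:32 PM, 12/13/2005
+ Report-Checksum: EC29CAB5

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
:mozilla.6:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Eric\Cookies\eric@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup

::Report End
"""

Finding = namedtuple("Finding", "kind target detection status")

HIVES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")
# Entries inside a Firefox cookies.txt are reported as ":mozilla.<n>:<path>".
MOZ_PREFIX = re.compile(r"^:mozilla\.\d+:")


def parse_report(text):
    """Return one Finding per '<object> -> <detection> : <status>' line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Paths contain ':' (C:\...), so split on the arrow first.
        target, arrow, rest = line.rpartition(" -> ")
        detection, colon, status = rest.partition(" : ")
        if not arrow or not colon:
            continue  # header, blank line or report footer
        if target.upper().startswith(HIVES):
            kind = "registry"
        elif MOZ_PREFIX.match(target):
            kind = "cookie-entry"
            target = MOZ_PREFIX.sub("", target)
        else:
            kind = "file"
        findings.append(Finding(kind, target, detection.strip(), status.strip()))
    return findings


def unresolved(findings):
    """Findings the scanner did not clean (assumption: status not 'Cleaned...')."""
    return [f for f in findings if not f.status.lower().startswith("cleaned")]


def registry_roots(findings):
    """Topmost unresolved registry keys; subkeys go away with their parent."""
    keys = sorted({f.target for f in unresolved(findings) if f.kind == "registry"},
                  key=str.lower)
    roots = []
    for key in keys:  # a parent key always sorts before its subkeys
        if not any(key.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(key)
    return roots


def status_summary(findings):
    """Count findings per (detection, status) pair."""
    return Counter((f.detection, f.status) for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (detection, status), count in sorted(status_summary(found).items()):
        print(f"{count:3d}  {detection:<22} {status}")
    print("Needs manual follow-up:")
    for key in registry_roots(found):
        print("  ", key)
```
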

Unread postby AndyAtHull » December 13th, 2005, 8:58 pm

Hi Myriddan

Let's try and remove Altnet. Download Registrar Lite. It is a free, relatively simple, and easy to use registry editor in order to improve your chances of correctly finding and deleting Altnet.

http://www.majorgeeks.com/download469.html

Download it to your desktop and once downloaded, Install.

Once installed. Run it via the shortcut it creates on the desktop. In the toolbar select Search>Search Registry. In the Text part type in Altnet. And in Search In. drop it down and select Registry. Press enter. From here you can delete Altnet by right clicking and selecting Delete selected reg keys and values. If you can't delete it from there highlight the key and click on the red check mark at the bottom of the window and from there you can change the permissions. Then try and delete.

Once deleted you can uninstall Registrar Lite from Add/Remove.

Report back to me on how this went. :D

A fresh HJT log is not required.
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby Myriddan » December 13th, 2005, 9:14 pm

No problems removing it
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby AndyAtHull » December 13th, 2005, 10:00 pm

This is my post for when you are all clean - which you now are - or seem to be. Please advise on any problems you may still have.

Also I would keep Ewido, update and run it often as it's a great tool. After the 15 day trial you can still update and use the scanner


Hide System Files
1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Uncheck Show hidden files and folders in the Hidden files and folders section.
7. Select Hide protected operating system files (recommended) option.
8. Check the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer


    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Click here for more information on -> Computer Safety On line - Anti-Virus

    I would recommend AVG or AVAST. As these are the more secure and better ones.
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Click here for more information on -> Computer Safety On line - Software Firewalls

    I would recommend ZONEALARM as a firewall as it's easy to use. But for a more secure firewall, Kerio is the one.
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Set up system to ensure a regular update of the Operating System.

    Automatically:

    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click on Automatic Updates
    4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
      Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    5. Select the Day/Time of choice
    6. Click Apply
    7. Click OK


    Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here -->Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here -->Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Click here -->Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby Myriddan » December 15th, 2005, 2:45 pm

Thanks for all your help Andy, hopefully my system will stay clean for a while
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby AndyAtHull » December 15th, 2005, 2:52 pm

If you followed the all clean message you will reduce getting infected

Glad we could be of assistance :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK