Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijackthis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Hijackthis Log

Unread postby mdemes » May 8th, 2005, 11:05 am

Hi

I've been having some trouble with spyware on my computer for the past few weeks. The programs that appear to be giving me problems are desktopsearch.exe and ffisearch.exe. I have run several scanning tools (Spybot Search & Destroy, Microsoft AntiSpyWare Beta and Ad-Aware) and still can't erase the files from my PC. I also cannot launch system restore and when I try to restart the PC in diagnostic mode I cannot clear the startup environment in order to prevent the programs from running on startup. After finding this website, I downloaded Trojanhunter as per the instructions and cannot remove the spyware with this program either. In fact, every time I run it, the taskbar disappears after the scan runs and no programs are removed.

I ran Hijack this in normal mode and in diagnostic mode. I'll post the log from normal mode here. Any help would be appreciated.

Thanks!

Mike

Here's my log file

Logfile of HijackThis v1.99.1
Scan saved at 10:57:30 AM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\n20050308.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezStub.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {0EAC9390-BE6B-45C1-A995-B8F7491419B8} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6710862E-8F4A-4CC2-AEF1-4CA99D9666ED} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {729015F8-C638-436B-A7E9-F3C45E0F256D} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\t8r80i9ue8.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top
Advertisement
Register to Remove

Unread postby LDTate » May 9th, 2005, 10:44 am

Hello mdemes, welcome to the forum.

Lets try this. Click the link:
http://www.microsoft.com/downloads/deta ... laylang=en

Be SURE to get the latest updates for the program (just open the program and Click on the *Spyware Definitions* to update the program before scanning)

After the above:

Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

new HiJackthis log

Unread postby mdemes » May 9th, 2005, 9:08 pm

Hi LDTate

I downloaded the upgrade of Microsoft Antispyware and ran the scanner, then rebooted successfully (this is the first time my PC has rebooted following a scan since the problem began about 3 weeks ago). After the PC had compeletely restarted and all the programs came up, I noticed that the desktop search is still in the lower right hand corner of my screen, which is what's been happening since I got the problem. Also, internet explorer is still opening up every few minutes and taking me to pages I haven't requested (usually something containing the phrase "loadingwebsite" at the top of my screen.

One thing that hasn't been happening: I'm not getting notices from my MacAfee Antivirus about Trojans being found. Usually I get about six of those every time I turn on my machine.

Here is my HiJackthis logfile that I ran after I rebooted:

Logfile of HijackThis v1.99.1
Scan saved at 8:57:43 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\isrvs\desktop.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {0EAC9390-BE6B-45C1-A995-B8F7491419B8} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6710862E-8F4A-4CC2-AEF1-4CA99D9666ED} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {729015F8-C638-436B-A7E9-F3C45E0F256D} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\gprul3991.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Thanks again for all your help!

Mike
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top

Unread postby LDTate » May 10th, 2005, 2:25 pm

Click the link below and download the trial version of Solo. Make sure you update and scan after downloading.
http://www.srnmicro.com/downloads/


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

Unread postby mdemes » May 11th, 2005, 12:56 am

I downloaded the solo trial version, checked for updates, and performed the scan in normal mode, then rebooted as per the instructions. Some items couldn't be removed, so I rebooted in safe mode as per the instructions and ran the scan again. After rebooting the second time in safe mode, the desktop search bar came up again in the bottom right hand corner of the screen but was quickly shut down by the solo program. Solo then prompted me with messages that Trojan.adware.onclick and c:\windows\isrvs\desktop.exe could not be removed or renamed. When I opened up Internet Explorer, there were a few more notifications from Solo that Trojans had been detected and removed. Other than that my computer is operating fine

Here's my new logfile, thanks again for all your help!

Logfile of HijackThis v1.99.1
Scan saved at 12:47:56 AM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\DSLog.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {0EAC9390-BE6B-45C1-A995-B8F7491419B8} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6710862E-8F4A-4CC2-AEF1-4CA99D9666ED} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {729015F8-C638-436B-A7E9-F3C45E0F256D} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\ejentlog.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top

Unread postby LDTate » May 11th, 2005, 10:53 am

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please run Notepad and copy the following text into a new file:
@ECHO OFF
cd %windir%
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

Unread postby mdemes » May 11th, 2005, 10:37 pm

Hello again

My computer seems to be running a lot better now, but I ran into a few problems. Here's what happened

I downloaded the ewido program, updated it, and restarted in safe mode. I ran the ewido scanner and it got thru 96.8% of the scan, then "encountered a problem and had to close". I ran the scan again with the same results. I followed your instructions regarding Hijack this and restarted in normal mode. Once I restarted, I got a notification from Malicious software removal program that malicious software has been removed, click here to finish. So I did that. I haven't got any pop-ups yet, but when I opened up Internet explorer I was prompted by Solo that some Trojans were encountered.

I was unable to generate a log file for ewido as I did not see that option anywhere on the menu. Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:24 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ixhrjx] c:\windows\system32\rczeuz.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {0EAC9390-BE6B-45C1-A995-B8F7491419B8} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6710862E-8F4A-4CC2-AEF1-4CA99D9666ED} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {729015F8-C638-436B-A7E9-F3C45E0F256D} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\ejentlog.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks again for your help! My PC is running better every day and I wouldn't be able to do it on my own!
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top

Unread postby LDTate » May 11th, 2005, 10:55 pm

Download Pocket Killbox version 2.0.0.175
http://www.atribune.org/downloads/KillBox.exe
If you already have Killbox first ensure it is this version !.

Start Killbox, Use standard file kill.(default settings).
Copy this whole list into the windows clipboard, all the Bolded below.


C:\WINDOWS\Nail.exe
c:\windows\system32\rczeuz.exe
C:\WINDOWS\isrvs\mfiltis.dll

Back in Killbox go > file > paste from clipboard, now click the red X
that looks like a stop sign, wait until a success message appears.
Repeat those same step's until each file has been deleted.


Note: if a file cannot be deleted [x] check delete on reboot, then go back to standard file kill for the next file in the list.

When finished exit Killbox



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\ejentlog.dll (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

Unread postby mdemes » May 14th, 2005, 7:50 pm

Hello there

Sorry it took me so long to reply, I haven't been online for a few days. My computer is now working better than it ever has and I am seeing no spyware or virus-related effects at this time.

I did, however, try that killbox thing you recommended, and when I typed in each of the three following files:

C:\WINDOWS\Nail.exe
c:\windows\system32\rczeuz.exe
C:\WINDOWS\isrvs\mfiltis.dll

it told me "file does not seem to exist"

So I ran HiJack this again, and checked the files you had in your last post, but one did not appear on the scan:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

All others I checked and repaired. Here's my new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:06 PM, on 5/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Support - {0EAC9390-BE6B-45C1-A995-B8F7491419B8} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {6710862E-8F4A-4CC2-AEF1-4CA99D9666ED} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {729015F8-C638-436B-A7E9-F3C45E0F256D} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top

Unread postby LDTate » May 14th, 2005, 7:53 pm

Good Job :D


Log looks good :D

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. [color=red]Spywareblaster[/color], [color=red]Spywareguard[/color] and [color=red]IESPY AD[/color]. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

Unread postby mdemes » May 14th, 2005, 10:55 pm

I did the system restore thing and I also downloaded spyware blaster and IESPY AD. I did not download Spyware guard yet, I just have a few questions and need some advice on what programs to keep.

Currently I have several AntiVirus and Antispyware programs on my computer:

MacAfee AntiVirus
MacAfee AntiSpyware
Microsoft Antispyware Beta
Ad-Aware
Spybot Search and Destroy
Solo (trial version)
Ewido (trial version)

Would you reccommend getting rid of any of these and running the Spyware Guard in their place?

Also, I am using the Windows Security Center Firewall. Do you think this is sufficient? Or should I download the one you recommend just to be extra-safe?

Thanks again for all your help, my system is running better now than ever before!
:D

Mike
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top

Unread postby LDTate » May 14th, 2005, 11:04 pm

Solo (trial version)
Ewido (trial version)
Being these are both trail, I'd remove both and use the free SpywareGuard

Would you reccommend getting rid of any of these and running the Spyware Guard in their place?

Also, I am using the Windows Security Center Firewall. Do you think this is sufficient? Or should I download the one you recommend just to be extra-safe?
I would use Zone Alarm, myself.

These are all up-to-you though.

Great job ;)

You're more then welcome.
Glad we were able to help :D
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA
Top

Unread postby mdemes » May 14th, 2005, 11:11 pm

Cool. Thanks for the advice, I'll take you up on it

I've recommended this site to several of my friends who are having spyware problems, you may hear from them too!
User avatar
mdemes
Active Member
 
Posts: 7
Joined: May 2nd, 2005, 12:50 pm
Location: West Mifflin, Pennsylvania
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 140 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index