bluecoal, I realize that you are trying to help, but you are not authorized to do so until you have been cleared by the staff here. Please send a message to the Moderator. Include your qualifications and your request to analyze logs in this forum. Thanks.
heyy thanks for your contributions i did as you asked and here is my second hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 00:28:34, on 30/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Next, please go to Add/Remove and remove SysProtectFree if it is listed. Whether it is or not, please continue.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please launch HijackThis (renamed analyzer) and place a checkmark next to these items if they still exist:
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g2667687.dll (file missing)
O2 - BHO: (no name) - {D5E50F38-3365-4B25-96E4-6490F0201A92} - C:\WINDOWS\System32\ddabc.dll
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
Close all windows except HijackThis and click "Fix Checked".
Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Good job! You had one whopper of a Vundo infection there!
Please launch HijackThis and place a checkmark next to this one:
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
Close all windows and click "Fix Checked".
REBOOT.
Run another scan with HijackThis to be sure that O16 line for WinAntiVirusPro is gone.
Then if everything is running well, it would be a good idea to flush System Restore so you have a clean Restore Point.
Only if everything is running well.... To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot.
Go back in and turn System Restore ON. A new Restore Point will be created.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update:
http://v4.windowsupdate.microsoft.com/en/default.asp
2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.
If you have recently installed Ewido, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.
7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm
8. If you have not already done so, you might want to install CCleaner and run it in each user's profile:
http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar.
If you need to update, remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
You can go here to download the latest version: Sun Java and click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Proceed with reinstalling Java. Reboot.
bluecoal
134 Posts
August 29th, 2006 12:00
Edited for conflict resolution.
Message Edited by bluecoal on 09-04-2006 07:20 PM
Bugbatter
3 Apprentice
20.5K Posts
August 29th, 2006 14:00
Bugbatter
3 Apprentice
20.5K Posts
August 29th, 2006 15:00
First, please disable TrojanHunter Guard by right clicking on the icon in your System Tray.
It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled".
Make sure that the program, TrojanHunter itself, is also closed/not running.
Please download VundoFix.exe to your desktop.
Do not run it yet. We will do that after your next post.
Go to your Hijackthis folder here: C:\Documents and Settings\GaNDHiJi\My Documents\hijackthis\ HijackThis.exe and rename Hijackthis.exe to analyzer.exe
Reboot.
After reboot, run analyzer.exe (which is actually your renamed hijackthis) and post the log it creates in your next reply.
mink da monkee
7 Posts
August 29th, 2006 22:00
Scan saved at 00:28:34, on 30/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\AOL\1154105874\ee\AOLHostManager.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\AOL\1154105874\ee\AOLServiceHost.exe
C:\Program Files\Avast4\ashServ.exe
c:\program files\common files\aol\1154105874\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1154105874\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GaNDHiJi\My Documents\hijackthis\analyzer.exe.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g2667687.dll (file missing)
O2 - BHO: (no name) - {D5E50F38-3365-4B25-96E4-6490F0201A92} - C:\WINDOWS\System32\ddabc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154105874\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gandhijiii.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
Bugbatter
3 Apprentice
20.5K Posts
August 30th, 2006 01:00
Next, please go to Add/Remove and remove SysProtectFree if it is listed. Whether it is or not, please continue.
Double-click VundoFix.exe to run it.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please launch HijackThis (renamed analyzer) and place a checkmark next to these items if they still exist:
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g2667687.dll (file missing)
O2 - BHO: (no name) - {D5E50F38-3365-4B25-96E4-6490F0201A92} - C:\WINDOWS\System32\ddabc.dll
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
Close all windows except HijackThis and click "Fix Checked".
Please delete the specified folder here:
C:\Program Files\ SysProtect Free --FOLDER
Reboot.
Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
Official JAVA Installation Instructions if needed.
* Please post the contents of C:\vundofix.txt and a new (Analyzer)HiJackThis log.
Message Edited by Bugbatter on 09-04-2006 08:21 PM
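A follow-up check for the two logs requested in the post above (C:\vundofix.txt and a new HijackThis log), as an added example that is not part of the original thread: it reports files whose latest VundoFix outcome is still "Could not be deleted" and fix-list entries that remain in the new log. The sample logs are constructed excerpts in the thread's format, and every function name is hypothetical.

```python
import re

# Outcome lines in the format of the vundofix.txt posted in this thread.
_OUTCOME = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)$"
)
# HijackThis section lines: "O2 - BHO: ...", "O20 - Winlogon Notify: ...", "R0 - ..."
_HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
_FILE_MISSING = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def parse_vundofix(text):
    """Split a vundofix.txt into passes; each maps lower-cased path -> deleted?"""
    passes = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):       # the banner opens a new pass
            passes.append({})
            continue
        m = _OUTCOME.match(line)
        if m and passes:
            deleted = m.group("result") == "Has been deleted!"
            passes[-1][m.group("path").lower()] = deleted
    return passes


def unresolved_files(passes):
    """Paths whose most recent recorded outcome is still a failed delete."""
    latest = {}
    for one_pass in passes:
        latest.update(one_pass)                 # later passes override earlier ones
    return sorted(p for p, deleted in latest.items() if not deleted)


def _normalize(line):
    """Key a HijackThis line by (code, body), ignoring case, spacing and the
    '(file missing)' suffix: once the file is deleted, the same registry
    entry can reappear carrying that suffix and still needs fixing."""
    m = _HJT_LINE.match(line.strip())
    if not m:
        return None
    body = _FILE_MISSING.sub("", m.group("body"))
    return m.group("code"), " ".join(body.split()).lower()


def persisting_entries(fix_list, followup_log):
    """Fix-list lines that still have a matching entry in the follow-up log."""
    present = {_normalize(line) for line in followup_log.splitlines()}
    present.discard(None)                       # headers and process paths
    return [line for line in fix_list if _normalize(line) in present]


# Constructed excerpt: two passes, abridged from the log format in this thread.
VUNDOFIX_TXT = r"""
VundoFix V6.1.2
Scan started at 23:34:15 31/08/2006
Attempting to delete C:\WINDOWS\system32\byxyvuv.dll
C:\WINDOWS\system32\byxyvuv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.
VundoFix V6.1.2
Scan started at 23:39:45 31/08/2006
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!
"""

# Three of the entries the helper asked to have checked.
FIX_LIST = [
    r"O2 - BHO: (no name) - {D5E50F38-3365-4B25-96E4-6490F0201A92} - C:\WINDOWS\System32\ddabc.dll",
    r"O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan",
    r"O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll",
]

# Constructed follow-up log: the BHO key survives with a "(file missing)" suffix.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {D5E50F38-3365-4B25-96E4-6490F0201A92} - C:\WINDOWS\system32\ddabc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    passes = parse_vundofix(VUNDOFIX_TXT)
    print("passes:", len(passes))
    print("still undeleted:", unresolved_files(passes))
    for entry in persisting_entries(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
```

Matching is on the whole normalized entry, so a legitimate line that merely shares a section code with a fix-list item is never reported.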
mink da monkee
7 Posts
September 4th, 2006 23:00
HIIII SOO SORRY FOR THE LATE REPLYY JUST BEEN REALLY BUSY IN THE PAST FEW DAYS BUT DID AS YOU SAID AND THESE ARE A FEW COMMENTS
1) VUNDO FIX REBOOTED A SECOND TIME AS YOU SAID MAY HAPPEN
2) ONE OF THOSE 10 FILES YOU SAID TO DELETE WAS NOT PRESENT CANNOT REMEMBER WHICH ONE SORRY
3) THERE WAS NO SPECIFIED FOLDER SYSPROTECTFREE (EVEN AFTER VIEWING HIDDEN FILES)
4) DISK CLEANUP RAN OK ON MAIN USER ACCOUNT BUT FROZE ON ALL OTHER USER ACCOUNTS
5) JAVA UPDATED SUCCESSFULLY
FIRSTLY I WILL PASTE THE VUNDOFIX LOGFILE:
VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 23:34:15 31/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\byxyvuv.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.tmp
C:\WINDOWS\system32\auiyxkin.exe
C:\WINDOWS\system32\aweyqsqw.exe
C:\WINDOWS\system32\cjxaowqv.exe
C:\WINDOWS\system32\dkaehxfy.exe
C:\WINDOWS\system32\ejlwpbax.exe
C:\WINDOWS\system32\emftxlvl.exe
C:\WINDOWS\system32\fqdujirh.exe
C:\WINDOWS\system32\hwebjrtt.exe
C:\WINDOWS\system32\jaafuocf.exe
C:\WINDOWS\system32\kaigxjgh.exe
C:\WINDOWS\system32\kdgawbbi.exe
C:\WINDOWS\system32\opgbhkty.exe
C:\WINDOWS\system32\qewtmmkm.exe
C:\WINDOWS\system32\qvredohm.exe
C:\WINDOWS\system32\raqjpuil.exe
C:\WINDOWS\system32\rbdarpin.exe
C:\WINDOWS\system32\swruqgck.exe
C:\WINDOWS\system32\ugnijlsg.exe
C:\WINDOWS\system32\xajdudai.exe
C:\WINDOWS\system32\xurjaypj.exe
C:\WINDOWS\system32\yoextqwk.exe
C:\WINDOWS\System32\Drivers\DP.sys
Beginning removal...
Attempting to delete C:\WINDOWS\system32\byxyvuv.dll
C:\WINDOWS\system32\byxyvuv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbadd.tmp
C:\WINDOWS\system32\cbadd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\auiyxkin.exe
C:\WINDOWS\system32\auiyxkin.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\aweyqsqw.exe
C:\WINDOWS\system32\aweyqsqw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\cjxaowqv.exe
C:\WINDOWS\system32\cjxaowqv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\dkaehxfy.exe
C:\WINDOWS\system32\dkaehxfy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ejlwpbax.exe
C:\WINDOWS\system32\ejlwpbax.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\emftxlvl.exe
C:\WINDOWS\system32\emftxlvl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fqdujirh.exe
C:\WINDOWS\system32\fqdujirh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hwebjrtt.exe
C:\WINDOWS\system32\hwebjrtt.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jaafuocf.exe
C:\WINDOWS\system32\jaafuocf.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\kaigxjgh.exe
C:\WINDOWS\system32\kaigxjgh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\kdgawbbi.exe
C:\WINDOWS\system32\kdgawbbi.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\opgbhkty.exe
C:\WINDOWS\system32\opgbhkty.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qewtmmkm.exe
C:\WINDOWS\system32\qewtmmkm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qvredohm.exe
C:\WINDOWS\system32\qvredohm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\raqjpuil.exe
C:\WINDOWS\system32\raqjpuil.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rbdarpin.exe
C:\WINDOWS\system32\rbdarpin.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\swruqgck.exe
C:\WINDOWS\system32\swruqgck.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ugnijlsg.exe
C:\WINDOWS\system32\ugnijlsg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\xajdudai.exe
C:\WINDOWS\system32\xajdudai.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\xurjaypj.exe
C:\WINDOWS\system32\xurjaypj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yoextqwk.exe
C:\WINDOWS\system32\yoextqwk.exe Has been deleted!
Attempting to delete C:\WINDOWS\System32\Drivers\DP.sys
C:\WINDOWS\System32\Drivers\DP.sys Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.1.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 23:39:45 31/08/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddabc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!
Performing Repairs to the registry.
Done!
HERE IS THE HIJACK THIS LOG FILE:
Logfile of HijackThis v1.99.1
Scan saved at 00:28:27, on 03/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Common Files\AOL\1154105874\ee\AOLHostManager.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\AOL\1154105874\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\common files\aol\1154105874\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1154105874\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\GaNDHiJi\My Documents\hijackthis\analyzer.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154105874\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gandhijiii.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PLEASE LET ME KNOW IF THERE IS STILL ANYTHING LURKING ABOUT. THANK YOU VERY MUCH, APPRECIATE YOUR HELP AND SORRY FOR THE DELAY :D
P.S. THIS MESSAGE EDITOR REMOVED INVALID HTML IN CASE YOU FIND ANYTHING MISSING
Bugbatter
3 Apprentice
•
20.5K Posts
0
September 5th, 2006 00:00
Please launch HijackThis and place a checkmark next to this one:
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
Close all windows and click "Fix Checked".
REBOOT.
Run another scan with HijackThis to be sure that the O16 line for WinAntiVirusPro is gone.
Then if everything is running well, it would be a good idea to flush System Restore so you have a clean Restore Point.
Only if everything is running well....
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.
4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html
5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/
6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. Ad-aware: http://www.lavasoft.de/software/adaware/
b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html
I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.
If you have recently installed Ewido, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.
7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm
8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar.
9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 7.08. It would be best to remove prior versions before updating to a new version.
Info here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html
10. Make sure you are using the most updated version of Java. To verify your Java version go here:
http://www.java.com/en/download/installed.jsp
If you need to update, remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
You can go here to download the latest version: Sun Java and click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Proceed with reinstalling Java. Reboot.
11. Here are some helpful articles:
"So how did I get infected in the first place?"
http://computercops.biz/postlite7736-.html
"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing! :)
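The re-scan check from the reply above (run HijackThis again and confirm the O16 line is gone) can be done mechanically. The following is an added example, not part of the original thread and not HijackThis code: it parses log lines into section code and CLSID and reports any entry marked for fixing that still shows up. The function names are hypothetical, the log lines are copied from this thread, and the two rescans are constructed.

```python
import re

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one HijackThis line into section code, CLSID and a match key."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # scan header, running-process paths, forum text
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "file_missing": body.endswith("(file missing)"),
        "key": " ".join(body.lower().split()),  # ignore case/spacing drift
        "raw": line.strip(),
    }

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def still_present(fixed_lines, rescan_text):
    """Return rescan lines that match an entry previously marked for fixing."""
    rescan = parse_log(rescan_text)
    leftovers = []
    for fixed in parse_log("\n".join(fixed_lines)):
        for entry in rescan:
            same_id = fixed["clsid"] and entry["clsid"] == fixed["clsid"]
            if entry["section"] == fixed["section"] and (
                    same_id or entry["key"] == fixed["key"]):
                if entry["raw"] not in leftovers:
                    leftovers.append(entry["raw"])
    return leftovers

# The entry the thread asks to fix, and one O16 line kept from the posted log.
FIXED = ["O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - "
         "http://download.cdn.winsoftware.com/files/installers/cab/"
         "WinAntiVirusPro2006FreeInstall.cab"]
KEEP = ("O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - "
        "http://www.snapfish.co.uk/SnapfishUKActivia.cab")
# Constructed rescans: one where the fix did not take, one where it did.
RESCAN_DIRTY = "Logfile of HijackThis v1.99.1\n" + KEEP + "\n" + FIXED[0] + "\n"
RESCAN_CLEAN = "Logfile of HijackThis v1.99.1\n" + KEEP + "\n"

if __name__ == "__main__":
    print(still_present(FIXED, RESCAN_DIRTY))
    print(still_present(FIXED, RESCAN_CLEAN))
```

Matching on section plus CLSID means a leftover is still caught if the download URL in the entry changes between scans.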
mink da monkee
7 Posts
0
September 5th, 2006 16:00
wowwww great jobbbb bugbatter thanks for all your helpp appreciate itt pcs runnin soo much healthier now
jus wonderin if i wanted to learn how to read hijack this logs where could i find outt how to read and analyse them?
thanks alot m8
mink da monkee
7 Posts
0
September 5th, 2006 17:00
Bugbatter
3 Apprentice
•
20.5K Posts
0
September 5th, 2006 17:00
(See the note at the top of the forum regarding training.)
bluecoal
134 Posts
0
September 5th, 2006 23:00
Bugbatter
3 Apprentice
•
20.5K Posts
0
September 6th, 2006 01:00
Cheers! :)