
Solved: Virus And Annoying Popup Hjt Log

Discussion in 'Virus & Other Malware Removal' started by petiac, Jul 21, 2006.

  1. petiac

    petiac Thread Starter

    Joined:
    Aug 10, 2005
    Messages:
    54
    OK, getting a virus notice from AVG: HOZEMO.DLL, Trojan horse Downloader.Generic.ZIE. Also, when the computer first starts, it loads an Internet Explorer window looking for the site ieupdates.com, I think it said, then goes to the DNS server telling me the site cannot be found. When I close that window I get a message stating ActiveX controls are disabled and the page might load properly. I checked my IE settings and reset them all to defaults; still getting the error. Here are my HJT logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:08 PM, on 7/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUMENTS AND SETTINGS\PAM NEWLAND\DESKTOP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
    O2 - BHO: (no name) - {00871DF4-9ADF-4CD5-AEB7-61C6F3641ED2} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {116D6D93-3E38-4BA3-9C84-421ACBAE081D} - (no file)
    O2 - BHO: (no name) - {17D54DF5-ED2A-4BDC-8287-B8F9429EDECC} - (no file)
    O2 - BHO: (no name) - {192917C6-674E-4FC3-8FA5-5906A9D92A21} - (no file)
    O2 - BHO: (no name) - {30460995-2C13-4053-BD04-4739F9EE76A5} - (no file)
    O2 - BHO: (no name) - {3241A5B5-5C15-495D-B44C-86F7A2DB9732} - (no file)
    O2 - BHO: (no name) - {331A1676-19AF-4C8B-9C09-4122CB3C20C0} - (no file)
    O2 - BHO: (no name) - {443C6678-E94B-4894-99C4-32BFE75F315E} - (no file)
    O2 - BHO: (no name) - {45B8306C-DCA2-41F3-B6A7-D0B4D4D2AB7D} - (no file)
    O2 - BHO: (no name) - {502485B8-5A71-4C21-8641-8E02A06EAFDE} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B75B38B-D05B-4F82-908E-34B29565088F} - (no file)
    O2 - BHO: (no name) - {6FC0F961-FDFF-4536-AC4C-DDE0B9F23652} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7FF0544F-BD6F-45E1-A7C4-932442EDFF4D} - (no file)
    O2 - BHO: (no name) - {81BEA0C8-0CFD-4A1D-929B-504B257A8417} - (no file)
    O2 - BHO: (no name) - {856FD7E8-CCF3-4A7D-96F8-17113B29D243} - (no file)
    O2 - BHO: (no name) - {85D10AFF-F517-4752-BACE-634AAB78B713} - C:\Program Files\Windows NT\hozemo.dll
    O2 - BHO: (no name) - {930629D9-368F-47FD-ABA1-0EFA36F6818E} - (no file)
    O2 - BHO: (no name) - {996D0114-9DC0-4774-A8C4-2E72F38BD30E} - (no file)
    O2 - BHO: (no name) - {A1B43EBC-73C3-4B78-8EEA-95F835C4D90B} - (no file)
    O2 - BHO: (no name) - {B56283C5-FC2A-4F81-AF0B-D75CC744083C} - (no file)
    O2 - BHO: (no name) - {B6A01D05-5C8A-410A-8055-0FCEDE1A327A} - (no file)
    O2 - BHO: (no name) - {BDCC748B-5FBF-49BC-86C3-49838EBEBE74} - (no file)
    O2 - BHO: (no name) - {C0665941-FB2F-4A59-8876-0AEFB86C5840} - (no file)
    O2 - BHO: (no name) - {C4FE7A31-C891-4297-82E1-0CF5057053DA} - (no file)
    O2 - BHO: (no name) - {C6A84F20-E016-49A4-BA59-0F34C9091779} - (no file)
    O2 - BHO: (no name) - {CBDB2B98-376F-4A23-B8F0-4F70727212F5} - (no file)
    O2 - BHO: (no name) - {D31249CF-78DE-4A4C-96BB-64F38F6C5787} - (no file)
    O2 - BHO: (no name) - {D4F01B94-C3C1-4346-A5C4-E7ACE6E8D93A} - (no file)
    O2 - BHO: (no name) - {D6FB2D6F-E991-41B9-89D6-9E6F098756CF} - (no file)
    O2 - BHO: (no name) - {DCBE4CE5-F0D0-478C-AAD8-A49BA9442183} - (no file)
    O2 - BHO: (no name) - {DE002DCF-017E-4617-9F33-ED1A0255F22D} - (no file)
    O2 - BHO: (no name) - {DFE31378-3C27-4385-8E3E-BEEEF1FE5E23} - C:\Program Files\Windows NT\hozemo.dll
    O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
    O2 - BHO: (no name) - {E683D98D-3C0A-43FA-9741-566965D90EB9} - (no file)
    O2 - BHO: (no name) - {E89B4D1B-07F8-4EA2-976B-FBC5BFFA7DEE} - (no file)
    O2 - BHO: (no name) - {EA2CE042-F39C-4979-A2DD-41AE1D94A330} - (no file)
    O2 - BHO: (no name) - {EB9BD5FB-E984-4043-BDF9-3E829932EFE3} - (no file)
    O2 - BHO: (no name) - {EECAF3A5-661D-4683-9574-0AC1F99F10EC} - (no file)
    O2 - BHO: (no name) - {FB0D6A7E-11F7-44C5-AE9A-96FF1E15001E} - (no file)
    O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
    O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
    O16 - DPF: {31175300-AC0E-11D4-A326-00104B37A903} (VirtualChannel Class) - http://imgsv01/dv/cab/RRE2GSCTSServer.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096570754015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {AC6E313D-FE79-11D3-BF9F-00105A9D6E6E} (RRE2GSCFileDownload.FileDownload) - http://imgsv01/dv/cab/RRE2GSCFileDownload.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BF891E15-BD3F-11D3-9AA1-444553540000} (TVC_HyperView Class) - http://imgsv01/dv/cab/TVC_ViewerCab.CAB
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4682/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
    Unzip all files to a convenient location such as C:\Qoofix.
    Go to the folder where you unzipped all the files and run Qoofix.exe.
    Click Begin Removal and wait for the scan to finish.
    If an infection has been found, select yes to restart your computer.

    The logfile is automatically saved to the same location as Qoofix; please post that back in your next reply.
     
  3. petiac

    petiac Thread Starter

    Joined:
    Aug 10, 2005
    Messages:
    54
    Qoofix v1.02 by http://www.malwarebytes.org
    Scan started on [7/21/2006] at [3:07:03 PM]
    -------------------------------------------------------------
    No malicious modules found!
    -------------------------------------------------------------
    No Qoologic infected files found!
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [7/21/2006] at [3:08:24 PM]

    Note: Some registry keys may have been removed.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:09:41 PM, on 7/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\QOOS\Qoofix.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Pam Newland\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
    O2 - BHO: (no name) - {00871DF4-9ADF-4CD5-AEB7-61C6F3641ED2} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {116D6D93-3E38-4BA3-9C84-421ACBAE081D} - (no file)
    O2 - BHO: (no name) - {17D54DF5-ED2A-4BDC-8287-B8F9429EDECC} - (no file)
    O2 - BHO: (no name) - {192917C6-674E-4FC3-8FA5-5906A9D92A21} - (no file)
    O2 - BHO: (no name) - {30460995-2C13-4053-BD04-4739F9EE76A5} - (no file)
    O2 - BHO: (no name) - {3241A5B5-5C15-495D-B44C-86F7A2DB9732} - (no file)
    O2 - BHO: (no name) - {331A1676-19AF-4C8B-9C09-4122CB3C20C0} - (no file)
    O2 - BHO: (no name) - {443C6678-E94B-4894-99C4-32BFE75F315E} - (no file)
    O2 - BHO: (no name) - {45B8306C-DCA2-41F3-B6A7-D0B4D4D2AB7D} - (no file)
    O2 - BHO: (no name) - {502485B8-5A71-4C21-8641-8E02A06EAFDE} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B75B38B-D05B-4F82-908E-34B29565088F} - (no file)
    O2 - BHO: (no name) - {6FC0F961-FDFF-4536-AC4C-DDE0B9F23652} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7FF0544F-BD6F-45E1-A7C4-932442EDFF4D} - (no file)
    O2 - BHO: (no name) - {81BEA0C8-0CFD-4A1D-929B-504B257A8417} - (no file)
    O2 - BHO: (no name) - {856FD7E8-CCF3-4A7D-96F8-17113B29D243} - (no file)
    O2 - BHO: (no name) - {85D10AFF-F517-4752-BACE-634AAB78B713} - C:\Program Files\Windows NT\hozemo.dll
    O2 - BHO: (no name) - {930629D9-368F-47FD-ABA1-0EFA36F6818E} - (no file)
    O2 - BHO: (no name) - {996D0114-9DC0-4774-A8C4-2E72F38BD30E} - (no file)
    O2 - BHO: (no name) - {A1B43EBC-73C3-4B78-8EEA-95F835C4D90B} - (no file)
    O2 - BHO: (no name) - {B56283C5-FC2A-4F81-AF0B-D75CC744083C} - (no file)
    O2 - BHO: (no name) - {B6A01D05-5C8A-410A-8055-0FCEDE1A327A} - (no file)
    O2 - BHO: (no name) - {BDCC748B-5FBF-49BC-86C3-49838EBEBE74} - (no file)
    O2 - BHO: (no name) - {C0665941-FB2F-4A59-8876-0AEFB86C5840} - (no file)
    O2 - BHO: (no name) - {C4FE7A31-C891-4297-82E1-0CF5057053DA} - (no file)
    O2 - BHO: (no name) - {C6A84F20-E016-49A4-BA59-0F34C9091779} - (no file)
    O2 - BHO: (no name) - {CBDB2B98-376F-4A23-B8F0-4F70727212F5} - (no file)
    O2 - BHO: (no name) - {D31249CF-78DE-4A4C-96BB-64F38F6C5787} - (no file)
    O2 - BHO: (no name) - {D4F01B94-C3C1-4346-A5C4-E7ACE6E8D93A} - (no file)
    O2 - BHO: (no name) - {D6FB2D6F-E991-41B9-89D6-9E6F098756CF} - (no file)
    O2 - BHO: (no name) - {DCBE4CE5-F0D0-478C-AAD8-A49BA9442183} - (no file)
    O2 - BHO: (no name) - {DE002DCF-017E-4617-9F33-ED1A0255F22D} - (no file)
    O2 - BHO: (no name) - {DFE31378-3C27-4385-8E3E-BEEEF1FE5E23} - C:\Program Files\Windows NT\hozemo.dll
    O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
    O2 - BHO: (no name) - {E683D98D-3C0A-43FA-9741-566965D90EB9} - (no file)
    O2 - BHO: (no name) - {E89B4D1B-07F8-4EA2-976B-FBC5BFFA7DEE} - (no file)
    O2 - BHO: (no name) - {EA2CE042-F39C-4979-A2DD-41AE1D94A330} - (no file)
    O2 - BHO: (no name) - {EB9BD5FB-E984-4043-BDF9-3E829932EFE3} - (no file)
    O2 - BHO: (no name) - {EECAF3A5-661D-4683-9574-0AC1F99F10EC} - (no file)
    O2 - BHO: (no name) - {FB0D6A7E-11F7-44C5-AE9A-96FF1E15001E} - (no file)
    O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
    O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
    O16 - DPF: {31175300-AC0E-11D4-A326-00104B37A903} (VirtualChannel Class) - http://imgsv01/dv/cab/RRE2GSCTSServer.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096570754015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {AC6E313D-FE79-11D3-BF9F-00105A9D6E6E} (RRE2GSCFileDownload.FileDownload) - http://imgsv01/dv/cab/RRE2GSCFileDownload.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BF891E15-BD3F-11D3-9AA1-444553540000} (TVC_HyperView Class) - http://imgsv01/dv/cab/TVC_ViewerCab.CAB
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4682/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - (no file)
    O2 - BHO: (no name) - {00871DF4-9ADF-4CD5-AEB7-61C6F3641ED2} - (no file)
    O2 - BHO: (no name) - {116D6D93-3E38-4BA3-9C84-421ACBAE081D} - (no file)
    O2 - BHO: (no name) - {17D54DF5-ED2A-4BDC-8287-B8F9429EDECC} - (no file)
    O2 - BHO: (no name) - {192917C6-674E-4FC3-8FA5-5906A9D92A21} - (no file)
    O2 - BHO: (no name) - {30460995-2C13-4053-BD04-4739F9EE76A5} - (no file)
    O2 - BHO: (no name) - {3241A5B5-5C15-495D-B44C-86F7A2DB9732} - (no file)
    O2 - BHO: (no name) - {331A1676-19AF-4C8B-9C09-4122CB3C20C0} - (no file)
    O2 - BHO: (no name) - {443C6678-E94B-4894-99C4-32BFE75F315E} - (no file)
    O2 - BHO: (no name) - {45B8306C-DCA2-41F3-B6A7-D0B4D4D2AB7D} - (no file)
    O2 - BHO: (no name) - {502485B8-5A71-4C21-8641-8E02A06EAFDE} - (no file)
    O2 - BHO: (no name) - {5B75B38B-D05B-4F82-908E-34B29565088F} - (no file)
    O2 - BHO: (no name) - {6FC0F961-FDFF-4536-AC4C-DDE0B9F23652} - (no file)
    O2 - BHO: (no name) - {7FF0544F-BD6F-45E1-A7C4-932442EDFF4D} - (no file)
    O2 - BHO: (no name) - {81BEA0C8-0CFD-4A1D-929B-504B257A8417} - (no file)
    O2 - BHO: (no name) - {856FD7E8-CCF3-4A7D-96F8-17113B29D243} - (no file)
    O2 - BHO: (no name) - {930629D9-368F-47FD-ABA1-0EFA36F6818E} - (no file)
    O2 - BHO: (no name) - {996D0114-9DC0-4774-A8C4-2E72F38BD30E} - (no file)
    O2 - BHO: (no name) - {A1B43EBC-73C3-4B78-8EEA-95F835C4D90B} - (no file)
    O2 - BHO: (no name) - {B56283C5-FC2A-4F81-AF0B-D75CC744083C} - (no file)
    O2 - BHO: (no name) - {B6A01D05-5C8A-410A-8055-0FCEDE1A327A} - (no file)
    O2 - BHO: (no name) - {BDCC748B-5FBF-49BC-86C3-49838EBEBE74} - (no file)
    O2 - BHO: (no name) - {C0665941-FB2F-4A59-8876-0AEFB86C5840} - (no file)
    O2 - BHO: (no name) - {C4FE7A31-C891-4297-82E1-0CF5057053DA} - (no file)
    O2 - BHO: (no name) - {C6A84F20-E016-49A4-BA59-0F34C9091779} - (no file)
    O2 - BHO: (no name) - {CBDB2B98-376F-4A23-B8F0-4F70727212F5} - (no file)
    O2 - BHO: (no name) - {D31249CF-78DE-4A4C-96BB-64F38F6C5787} - (no file)
    O2 - BHO: (no name) - {D4F01B94-C3C1-4346-A5C4-E7ACE6E8D93A} - (no file)
    O2 - BHO: (no name) - {D6FB2D6F-E991-41B9-89D6-9E6F098756CF} - (no file)
    O2 - BHO: (no name) - {DCBE4CE5-F0D0-478C-AAD8-A49BA9442183} - (no file)
    O2 - BHO: (no name) - {DE002DCF-017E-4617-9F33-ED1A0255F22D} - (no file)
    O2 - BHO: (no name) - {DFE31378-3C27-4385-8E3E-BEEEF1FE5E23} - C:\Program Files\Windows NT\hozemo.dll
    O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
    O2 - BHO: (no name) - {E683D98D-3C0A-43FA-9741-566965D90EB9} - (no file)
    O2 - BHO: (no name) - {E89B4D1B-07F8-4EA2-976B-FBC5BFFA7DEE} - (no file)
    O2 - BHO: (no name) - {EA2CE042-F39C-4979-A2DD-41AE1D94A330} - (no file)
    O2 - BHO: (no name) - {EB9BD5FB-E984-4043-BDF9-3E829932EFE3} - (no file)
    O2 - BHO: (no name) - {EECAF3A5-661D-4683-9574-0AC1F99F10EC} - (no file)
    O2 - BHO: (no name) - {FB0D6A7E-11F7-44C5-AE9A-96FF1E15001E} - (no file)
    O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)

    Close all applications and browser windows before you click "fix checked".



    Click Here and download Killbox and save it to your desktop.



    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    Copy the following list of files to clipboard, CTRL+C to copy
    Now in Killbox go to File, Paste from clipboard.
    Click the All Files button.
    Click on the button that has the red circle with the X in the middle.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now,
    Click Yes.




    Run ActiveScan online virus scan here

    When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
    - Save the results from the scan!

    Post a new HiJack This log along with the results from ActiveScan.
     
  5. petiac

    petiac Thread Starter

    Joined:
    Aug 10, 2005
    Messages:
    54
    Logfile of HijackThis v1.99.1
    Scan saved at 4:09:46 PM, on 7/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Pam Newland\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {85D10AFF-F517-4752-BACE-634AAB78B713} - C:\Program Files\Windows NT\hozemo.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
    O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
    O16 - DPF: {31175300-AC0E-11D4-A326-00104B37A903} (VirtualChannel Class) - http://imgsv01/dv/cab/RRE2GSCTSServer.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096570754015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AC6E313D-FE79-11D3-BF9F-00105A9D6E6E} (RRE2GSCFileDownload.FileDownload) - http://imgsv01/dv/cab/RRE2GSCFileDownload.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BF891E15-BD3F-11D3-9AA1-444553540000} (TVC_HyperView Class) - http://imgsv01/dv/cab/TVC_ViewerCab.CAB
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4682/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    Incident Status Location

    Virus:Trj/Downloader.JKC Disinfected C:\!KillBox\ssqbn.exe
    Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL07.exe[VSL.dl_]
    Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL07.exe[auxe.exe]
    Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL07.exe( 1)[VSL.dl_]
    Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL07.exe( 1)[auxe.exe]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.entrepreneur.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Pam Newland\Cookies\Application Data\Mozilla\Firefox\Profiles\8nms860z.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\b2s_iris.exe[irisinst.exe][ExtractDLL.dll]
    Adware:Adware/eZula Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\b2s_iris.exe[b2search.exe][²èÇ]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\ExtractDLL.dll
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II120.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II186.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II198.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II1CC.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II1E3.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II1EB.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II1FB.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II251.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II26A.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II281.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II2C.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II2F4.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II32D.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\II66.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\INV1.tmp
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\INV3.tmp[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\irisinst.exe[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\s39s.i.exe[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\s5mo.4.exe[ExtractDLL.dll]
    Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\sdg.4.exe
    Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\VSL07.exe[VSL.dl_]
    Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temp\VSL07.exe[auxe.exe]
    Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temporary Internet Files\Content.IE5\4X67S96N\VSL07[1].exe[VSL.dl_]
    Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temporary Internet Files\Content.IE5\4X67S96N\VSL07[1].exe[auxe.exe]
    Virus:Trj/Downloader.JKC Disinfected C:\Documents and Settings\Pam Newland\Local Settings\Temporary Internet Files\Content.IE5\RJB7TIT9\ssqbn[1].exe
    Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\adwerkz.dll
    Adware:Adware/DigInk Not disinfected C:\WINDOWS\Tagasuarus2.exe
    Adware:Adware/PurityScan Not disinfected C:\WINDOWS\YazzleBundle-1304.exe
    Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\YOINSI.exe

    Just a note: it said in your instructions to save the file location of anything that cannot be deleted. I have the log saved, but I did not delete anything, just ran scans and posted these logs.
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {85D10AFF-F517-4752-BACE-634AAB78B713} - C:\Program Files\Windows NT\hozemo.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Restart in Safe Mode.
    Click here to see how.


    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply" then "OK".


    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Documents and Settings\Pam Newland\ (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files".

    Put a check by "Delete Offline Content" and click OK.

    Empty your recycle bin.




    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    Copy the following list of files to clipboard, CTRL+C to copy
    Now in Killbox go to File, Paste from clipboard.
    Click the All Files button.
    Click on the button that has the red circle with the X in the middle.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now.
    Click Yes.

    After the reboot post your log again and let me know if you still have problems.
     
  7. petiac

    petiac Thread Starter

    Joined:
    Aug 10, 2005
    Messages:
    54
    Logfile of HijackThis v1.99.1
    Scan saved at 4:54:38 PM, on 7/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Documents and Settings\Pam Newland\Desktop\HijackThis.exe
    C:\WINDOWS\system32\WgaTray.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
    O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
    O16 - DPF: {31175300-AC0E-11D4-A326-00104B37A903} (VirtualChannel Class) - http://imgsv01/dv/cab/RRE2GSCTSServer.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096570754015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AC6E313D-FE79-11D3-BF9F-00105A9D6E6E} (RRE2GSCFileDownload.FileDownload) - http://imgsv01/dv/cab/RRE2GSCFileDownload.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BF891E15-BD3F-11D3-9AA1-444553540000} (TVC_HyperView Class) - http://imgsv01/dv/cab/TVC_ViewerCab.CAB
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4682/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    This is my latest log. Now most seems okay: no popups, and AVG is no longer telling me I have viruses. But on initial startup or reboot I'm still getting a warning message telling me ActiveX controls are disabled and pages might not load properly. But all settings in IE seem to be set properly.

    Just to let you know, this is going to be my last post till Monday. So if you have any further instructions, or if you would like to see a screenshot of the last warning message I'm getting, just let me know. I will post it on Monday and check for any further instructions from you.
    Thanks for everything you have done so far, but the weekend is here and it's time to leave computers and viruses behind.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, have a good weekend and post again on Monday! :)
     
  9. petiac

    petiac Thread Starter

    Joined:
    Aug 10, 2005
    Messages:
    54
    OK, in my last post I said all looks good except for one item. I found out what was giving me the message stating ActiveX is disabled and fixed that. It had to do with some picture that was on this computer as part of the desktop picture. I disabled it and now all looks good. I posted my HJT log so you can look it over, but all seems good.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:57 PM, on 7/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Pam Newland\Desktop\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
    O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
    O16 - DPF: {31175300-AC0E-11D4-A326-00104B37A903} (VirtualChannel Class) - http://imgsv01/dv/cab/RRE2GSCTSServer.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096570754015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AC6E313D-FE79-11D3-BF9F-00105A9D6E6E} (RRE2GSCFileDownload.FileDownload) - http://imgsv01/dv/cab/RRE2GSCFileDownload.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BF891E15-BD3F-11D3-9AA1-444553540000} (TVC_HyperView Class) - http://imgsv01/dv/cab/TVC_ViewerCab.CAB
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4682/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{59BC02A1-823A-4874-B4B4-095C61EA01D3}: NameServer = 216.41.101.17,204.17.65.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good!

    It's a good idea to Flush your System Restore after removing malware:

    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Restart the computer.

    To create a new restore point:
    • Go to Start, All Programs, Accessories, System Tools and select System Restore.
    • In the System Restore wizard, select "Create a restore point" and click the Next button.
    • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
    • Click Create and you're done.



    :)
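
The before/after comparison done by eye across the HijackThis logs in this thread can be scripted. The Python below is an added example, not part of the original thread and not HijackThis's own code; the two sample logs are constructed excerpts built from lines quoted in the thread, and the names `parse_hjt` and `diff_scans` are hypothetical.

```python
import re
from typing import NamedTuple

# Item lines look like "O2 - BHO: ... - C:\path\file.dll (file missing)".
# Section codes are a letter (R, F, N, O) followed by one or two digits.
ITEM_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


class Item(NamedTuple):
    code: str       # section code, e.g. "O2" (BHO) or "O20" (Winlogon Notify)
    body: str       # everything after "CODE - "
    orphaned: bool  # HijackThis appended "(file missing)" to the entry


def parse_hjt(log):
    """Return the item lines of a HijackThis log, skipping the header,
    the running-process paths and any surrounding forum text."""
    items = []
    for line in log.splitlines():
        m = ITEM_RE.match(line)
        if m:
            code, body = m.groups()
            orphaned = body.casefold().endswith("(file missing)")
            items.append(Item(code, body, orphaned))
    return items


def _index(log):
    # Windows paths are case-insensitive and their case can differ between
    # scans, so compare on a case-folded key.
    return {(i.code, i.body.casefold()): i for i in parse_hjt(log)}


def diff_scans(before, after):
    """Compare two scans: what the cleanup removed, what appeared since,
    and which entries in the later scan still point at a missing file."""
    b, a = _index(before), _index(after)
    return {
        "removed": [b[k] for k in sorted(b.keys() - a.keys())],
        "added": [a[k] for k in sorted(a.keys() - b.keys())],
        "still_orphaned": [a[k] for k in sorted(a) if a[k].orphaned],
    }


# Constructed sample input: a few lines quoted in this thread, not full logs.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85D10AFF-F517-4752-BACE-634AAB78B713} - C:\Program Files\Windows NT\hozemo.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    for label, items in diff_scans(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print(f"  {item.code} - {item.body}")
```

An entry under `still_orphaned` only means the registry entry outlived its file; whether to fix it is still a judgement for whoever reviews the log.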
     
Short URL to this thread: https://techguy.org/485149
