'about:blank and Quick Web Search' Hijack

Status
Not open for further replies.
I was able to complete the second set of suggested clean-up steps late yesterday afternoon. Started with Ad-Aware and VX2 add-on, CWShredder, and Spybot - allowed these applications to clean-up whatever they could. Next followed the HiJackThis clean-up steps and addressed the items that still remained. There were a number of differences in the current HiJackThis elements, probably due to the previous clean-up steps that had been completed. Ran About Buster again and then verified that the next set of identified files were no longer present on the system. Lastly performed the requested system scans. Following are logs from About Buster, HiJackThis, Ewido, and Panda Scan.

Current About Buster log ---

AboutBuster 5.0 reference file 30
Scan started on [7/14/2005] at [3:43:27 PM]
------------------------------------------------
Removed Stream! C:\WINNT\KB890046.log:nzcttu
Removed Stream! C:\WINNT\KB891781.log:fauyne
Removed Stream! C:\WINNT\ockodak.log:laygbm
Removed Stream! C:\WINNT\Prairie Wind.bmp:wodhnc
Removed Stream! C:\WINNT\QDQICK.ini:ppvvpm
Removed Stream! C:\WINNT\QFNONL.ini:jndwhs
Removed Stream! C:\WINNT\setupact.log:gdizdf
Removed Stream! C:\WINNT\wcshd.log:jvixxr
Removed Stream! C:\WINNT\Windows Update.log:bnblrc
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:43:29 PM


Current HijackThis log ---

Logfile of HijackThis v1.99.1
Scan saved at 4:20:05 PM, on 7/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton CleanSweep\csinsmNT.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Windows Virus Spyware Software\CastleCops\HJT V1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton CleanSweep\csinsmNT.exe
O4 - Global Startup: hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Current Ewido Scan log ---

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:14:59 PM, 7/14/2005
+ Report-Checksum: 28586CD0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{76F18F16-733A-0846-76E8-539AF77E1477} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter1.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter10.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter12.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter13.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter14.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter16.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter2.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter3.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter6.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@counter8.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-bskyb.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-foxsports.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-lowermybills.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ehg-mccormick.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jennings\Local Settings\Temp\bneb.exe -> Trojan.TopAntiSpyware : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ABE3C0A5-795D-406B-B34C-9B66D3\36C7AD3D-9B50-4365-8639-EB998C -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\2:mvzxby -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\2:ruatqb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Active Setup Log.txt:gfzyth -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\addby32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\addfp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\addjg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\addmm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\addvc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\apikn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\apilf.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\apilk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\apirf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\appml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\appor.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\appsm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\atlfo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\atlmq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\control.ini:iqnatg -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\control.ini:iwtlkp -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\crgr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\crhq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\crzs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\csoai.txt:aqynni -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3eg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3gi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\d3jc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\d3nn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3pg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3qe32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3qo.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\d3yl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\ICOA.INI:hrjqni -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\iemn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ienf32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\ienq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\iepu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ieyq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\ipnq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\ippa32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\ippe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ipua.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\javaaj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\javakz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\javaud32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\javavr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\mfcbb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\mfckk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\ModemDet.txt:dsvvih -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ModemDet.txt:hzyjao -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\netlo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\netpa32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\netvh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\netvo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\netwu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\ntql32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\nttv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ODBCINST.INI:ahjqqn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\OEWABLog.txt:dbrmvp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\OEWABLog.txt:gmqlye -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\QFN.ini:ndwsny -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\SchedLgU.Txt:nhjnse -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\sdkmf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\setuplog.txt:mtczlx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\sysav32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32:cmaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINNT\system32\addbq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\addhl.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\addpb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\addtq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\apibr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\appel32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\appgq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\appjs32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\appnn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\atlet.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\atlim32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\atljt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\atlwj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\crck32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\cric32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\crlo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\crpq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\crqp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\d3aw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\d3gv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\d3vd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\iecd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ieel32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ieen32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\iekk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\iphz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\ipmk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\ipml32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ipzl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\javabm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\javafx32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\javagm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\javagx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\javass32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\javayg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfcbm.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\mfcfo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfcga.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfcgc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfcnv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfcxp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\mfczc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\msdl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\msfp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\msqb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\msrn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\netgg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\netgt.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\netxs32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\netyh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ntam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\nthw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\ntvu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ntyk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\sdkbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\sdkdo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\sdkks.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\sdktr32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\sdkum.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\sdkzh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\sysex.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\sysgt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\winam.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\winne32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\vbaddin.ini:yzofbu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\win.ini:kclll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\win.ini:pitgot -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\winjo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\winnv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\winsn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:uzcqlt -> Trojan.Agent.bi : Cleaned with backup

::Report End


Current Panda Scan log ---

Incident Status Location

Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Jennings\Local Settings\Temp\fcoc.exe
Virus:Trj/Agent.ACH Disinfected C:\WINNT\iesr32.exx
 
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.


Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Open add/remove programs and remove SpyFighter

This program is consider rouge and suspect in the way it scans for spyware. It can not be trusted to remove anything from the system as it often displays false positives.

Now scan with HJT and place a checkmark next to each of the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent

C:\Program Files\SpyFighter <--delete that folder

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
 
To MicroBell --

I finally had a chance to get over to my friends to perform your latest set of clean-up procedures on his system. Everything looks pretty good on his sytem at this point. I have included the latest logs from HijackThis, Ewido, and smitfiles. The Panda ActiveScan did not produce a log this time and all of its scan statistics did not indicate that any questionable elements had been found.

HijackThis Log ---

Logfile of HijackThis v1.99.1
Scan saved at 1:30:30 PM, on 7/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Norton CleanSweep\csinsmNT.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Windows Virus Spyware Software\CastleCops\HJT V1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton CleanSweep\csinsmNT.exe
O4 - Global Startup: hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Ewido Log ---

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:41:12 PM, 7/22/2005
+ Report-Checksum: 6FCD1B50

+ Scan result:

C:\Documents and Settings\Jennings\Cookies\jennings@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jennings\Cookies\jennings@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup

::Report End


Smitfiles Log ---


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!
 
Well done Eric. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab. option.
  • Select the Advance Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.

  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
    Click OK



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patchÂ’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Please stay safe out there and take the helpful advice thatÂ’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
 
I was back over at my friend's house and performed some final clean-up steps as applicable to his system environment. Everything looks good at this point and I don't feel that there are any remaining issues at this point. I had previously explained to him the need to use the Windows Update facility to keep his system up to date and he now has a number of scanners on his system associated with the previous clean-up steps to monitor his environment.

My thanks, and those of my friend Ray, go to MicroBell, Warez Monster, and Lobos for their guidance and suggestions in getting all of this cleaned up. I believe this incident can ber closed and marked as resolved.
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
N
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding"
Replies
0
Views
4K
nev
N
Back
Top Bottom