Another CoolWebSearch...

[jeff1000]

Hi guys,
I have the Coolwebsearch Trojan 100% postive. I've used All updated Adaware, MS Antispyware and Spybot SD.
They've all found something related to CWS, and it deletes it all, but after reboot, its all back... I think its
due to a file called se.dll in local settings/temp/. Ive also used two other scanners specifically made for
CWS. Called CWSshredder, and HS Remove. They both find files to do with CWS. I remove all the stuff it finds then, I open IE explorer to see if that stupid search page is still there, my google is back but MS Antispyware says that se.dll is trying to change my homepage to the about:blank garbage. I know someone will say boot into safe mode and do something or other, but sorry I can't lol, My ps/2 ports are broken NO CLUE WHY!! lmfao. And so anyways, just because I love all you Techies so much heres my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:10:04 PM, on 05/27/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Xfire\Xfire.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\E5HYRU1G\avg70free_322a531[1].exe
D:\DOCUME~1\Jeff\LOCALS~1\Temp\RarSFX1\avgsetup.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\Jeff\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\Jeff\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 64.91.255.87 [url]www.dcsresearch.com[/url]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71595DB4-139A-41FA-BFBA-24AEF16BA504} - D:\WINDOWS\System32\enef.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 D:\DOCUME~1\Jeff\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab[/url]
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - [url]http://www.symantec.com/techsupp/asa/LSSupCtl.cab[/url]
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - [url]http://ppupdates.ca.com/downloads/scanner/axscanner.cab[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - [url]http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab[/url]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]http://www.symantec.com/techsupp/asa/SymAData.cab[/url]
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [url]http://messenger.zone.msn.com/binary/WoF.cab31267.cab[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O18 - Filter: text/html - {F278EB08-1269-4E3F-918C-8E4D75393E24} - D:\WINDOWS\System32\enef.dll
O18 - Filter: text/plain - {F278EB08-1269-4E3F-918C-8E4D75393E24} - D:\WINDOWS\System32\enef.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

So yeah, I've had this lil bugger for bout 5 days now, and i absolutley hate it, lol. SO i await you're suggestions Thanks guys

BTW!
I had just installed AVG before I scanned with AVG so...
DOUBLE BTW!
AVG found Trojan startpage.19.j in the first 20 files..... i better close IE lol

 

[Lobos]

Hi jeff1000


When we're done cleaning off your system, i'd recommend that you install all the critical windows updates available from Microsoft, upto service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccuring in the future.

===============

Download SpSeHJfix to your desktop; be sure to download the one that's appropriate for your operating system.

1) Click "Start Disinfection".

-

Be sure to post the log created by the SpSeHjfix cleanup tool, and another hjt log. there will be more to do not much tho

Lobos

 

[Blitze105]

Yay..
Before we all start breaking apart your little log, i want to suggest free online scans and a few other things.

Spybot
adware personal
updates
a different browser
- all of which can be found here:
http://www.techist.com/showthread.php?threadid=53623&highlight=simple

After doing what that article says post another log and a list of viruses and trojans and i will help more.

 

[jeff1000]

The SpSeHJfix thigny worked after a few tries. It disinfected my comp lol 5 days of continuous scanning, deleteing downloading surfing lookin for solutions , have finally come to an end BUT the sad part is that in my little battle with CWS it kinda screwed up everything... seriously it wiped out my lan card... its not even in network connections folder, so i shut down pulled out and re seated the card, booted up, no good. then to my suprise when i went to device manager.... there was ABSOLUTLEY NOTHING THERE!!! I clicked on add hardware, the little sandglass thing showed up for a second, gone nothing happened... lol wow JUST WOW!

I do plan to try firefox...AGAIN. I just realized how overrated windows is.... really. Im sure some of you guys must agree (PLZ DONT FLAME ME!!! IM A NUBLET!!) so ya anyways... please help, and thanks for SpSeHJfix that saved my ass.

btw im on a friends comp.

NM NM NM NM after 13 hours of screwing with settings a drivers, im back on line, and here is my hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 10:20:26 AM, on 05/28/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Xfire\Xfire.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.ca[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab[/url]
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - [url]http://www.symantec.com/techsupp/asa/LSSupCtl.cab[/url]
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - [url]http://ppupdates.ca.com/downloads/scanner/axscanner.cab[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - [url]http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab[/url]
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url]http://www.symantec.com/techsupp/asa/SymAData.cab[/url]
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - [url]http://messenger.zone.msn.com/binary/WoF.cab31267.cab[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

I managed to get into safe mode thru msconfig, i scanned with a few programs... adaware got most of the trojan and then i ran SpSeHJfix and it was over for the virus, then after that i spent many hours trying to get my internet back. so yeah lotsa fun. im going to download mozilla ...right......now

 

[Blitze105]

Good job!

For you hijack this log...

Fix these entries:
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

If you have "styleXP" and its a legit program keep that entry, I did not find it on the safe or unsafe side.
Log looks good besides that iffy one


Other than that, your log looks fine to me.

 

[Lobos]

Get your service pack for your OS you are still very vulnerable

Make sure to update Windows and Internet Explorer at http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us.

 

[jeff1000]

i dont really want to upgrade to sp2, reasons being a) i heard its more trouble to install than it does keeping you safe . B) i have too much stuff to back up, and i have no burner to do it anyways (kia) c)My computer is a wreck already, no point in trying to keep it alive lol. and a while back i did try to install it, and i got some odd error messages.... and btw my friend had a dell (yes dell) 3.2 ghz and it takes him forever to load maps in COD b/c of sp2... and my 450 mhz has enough trouble w/o sp2 lol

EDIT
--------

O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

Why would Style XP need a BHO anyways?

 

[Lobos]

no i don't want you to update to sp2 but your OS needs to have it's sp1 patch

Your OS is not showing that it is patched your ie borwser is but not your OS

if you don't want to then thats your choice

 

[jeff1000]

ok, ill go to windows update now...