HAXDOOR is making me crazy... need an expert!!



Colleen
2006-01-09, 21:28
Sigh*
OK so I downloaded this virus, but this virus ended up being more than one... I have removed most of what I have been able to find, though I still am having problems with a few. Minibug, for one, mostly this haxdoor... when I scan it, it comes up with like 3 or 4 different viruses... haxdoor E, C, and another. It has hidden all the folders that I needed to delete so I don't know how I can get rid of this. None of my antivirus or spyware removers have done it thus far. In fact I think it redirected me to some sites to download other spyware scanners. This is such a mess. I have been working on this nonstop for days now. Here is the HijackThis log; I am not a super computer whiz so hopefully this is what is needed.

Logfile of HijackThis v1.99.1
Scan saved at 1:26:42 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lakyka\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=011506 serial=WA12WRX-0000002-HMD lang=EN
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Alarm Works] C:\Program Files\Clock Works\ClockWorks
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106094392\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\200543131711_mcinfo.exe /insfin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099115635283
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134608918374
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe

Colleen
2006-01-09, 23:07
I saved the scan from Ewido and wanted to show that as well. I seem to have rid my computer of everything BUT the Haxdoor. I have spent numerous hours playing in the registry editor etc. Still at a loss though. Figured this might help. I just reran 4 different scans and so far the only thing that has come up is the Haxdoor and Fullbiz Trojans. I am sure in a while though I will have a bunch more, as that seems to be the pattern here. I clean out 50 or 60, and rescan, and have 30 more. Ahh.... sorry I am so long-winded. This is the file that Ewido saved. When it says it was cleaned... is it really gone?? Is there something else I need to do, delete reg keys or something? Thank you.


ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:01:13 PM, 1/9/2006
+ Report-Checksum: 2A10088A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-717465186-216791721-2768344524-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-717465186-216791721-2768344524-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\01808300\1464.tmp -> Trojan.Fullbiz : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\01808300\1628.tmp -> Trojan.Fullbiz : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\01808300\1776.tmp -> Trojan.Fullbiz : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\01808300\2732.tmp -> Trojan.Fullbiz : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\01808300\3904.tmp -> Trojan.Fullbiz : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\dyxn1.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Lakyka\Local Settings\Temp\temp.fr9CE0 -> Trojan.Kolweb.a : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP454\A0183381.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP454\A0183382.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP455\A0183502.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP489\A0203583.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP499\A0205890.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP499\A0205891.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP499\A0205892.exe -> Downloader.Small.cam : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP499\A0205893.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP499\A0205894.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206805.exe -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206807.exe -> Worm.Delf.i : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206816.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206817.exe -> Trojan.Fullbiz : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206822.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206824.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206825.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206827.exe -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206842.exe -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206843.exe -> Worm.Delf.i : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206847.exe -> Worm.Delf.i : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206849.exe -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206854.dll -> Spyware.Ihbo : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206855.exe -> Trojan.Fullbiz : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206859.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206860.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206878.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206893.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206960.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206961.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206962.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206963.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206964.exe -> Downloader.Tiny.al : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206965.exe -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206966.exe -> Hijacker.StartPage.aha : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206967.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206968.exe -> Hijacker.VB.kc : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206970.dll -> Spyware.Ihbo : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206971.exe -> Worm.Delf.i : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206973.exe -> Proxy.Delf.an : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0206974.exe -> Downloader.CWS.r : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0207016.exe -> Trojan.Crypt.l : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0207019.exe -> Hijacker.StartPage.agp : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP500\A0207021.exe -> Trojan.Crypt.l : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207073.exe -> Trojan.Fullbiz : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207094.exe -> Trojan.Fullbiz : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207122.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207127.exe -> Proxy.Small.di : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207133.exe -> Downloader.Small.bue : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207159.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207163.dll -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207164.exe -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207165.dll -> Logger.Small.dg : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207166.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207167.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207178.dll -> Downloader.Small.bug : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP502\A0207180.dll -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{CF44805D-31AD-44D1-A449-DE4B5EC5E645}\RP503\A0207211.exe -> Trojan.Fullbiz : Cleaned with backup


::Report End

illukka
2006-01-11, 19:15
hi

welcome here :D

thanks for posting that info, let's get rid of the trojan then shall we ;)
be sure to print this so that you can see the instructions in safe mode when this page is not available

Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe).
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files)
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
A red "dos window" (dos box) will open.
This message will appear:

Insert the haxdoor notify subkey without the numbers,
and then press enter:
At this point please type the following: winm
Press Enter to continue with the fix.

If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and press Enter.
The computer will reboot.

After reboot, a new red dos window will open (HaxFix - cleaningbat).
This message will appear:

Insert the haxdoor notify subkey without the numbers again,
and then press enter:
At this point please type the following: winm
Press Enter to continue with the fix.
When the red dos window closes, the fix is ready.
Post the contents of the logfile c:\haxfix.txt along with a new hijackthislog.

Colleen
2006-01-11, 21:24
Wow..... talk about an expert... you are awesome and amazing and have saved my life (which IS my computer hehe). After the first time.... it was gone .... just like that. Here is my current HijackThis log.... THANK YOU!!!


Logfile of HijackThis v1.99.1
Scan saved at 3:21:43 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Lakyka\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Alarm Works] C:\Program Files\Clock Works\ClockWorks
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099115635283
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134608918374
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

illukka
2006-01-11, 22:22
hi

good work

now some other issues:


what kind of antivirus program do you have?
also what kind of firewall do you have?

spyware cleaner is a rogue anti-spyware program
http://www.spywarewarrior.com/rogue_anti-spyware.htm

uninstall it from control panel > add/remove programs

open hijackthis, press do a system scan only
checkmark these lines:

O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot


then with all browsers closed click the button "fix checked"


Download System Security Suite here: System Security Suite Download & Tutorial (http://www.igorshpak.net/). Unzip it to your desktop. Install the program, but don't use it yet ;)

next:
as you seem to have ewido installed, update it, then:

reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


once in safe mode:


With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab mark for cleaning:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button.


and finally
fire up ewido, do a full system scan, allow it to clean what it finds
when completed save its report and post here
also post a fresh hjt log thank you ( from normal mode )
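
An added example, not part of any post in this thread: a small Python triage script for the two HijackThis entry types the helper acted on, the O20 Winlogon Notify DLL (whose subkey name, minus its digits, is what HaxFix was given) and O4 Run values that start a program from a Temp folder. The log lines are excerpted from the logs posted above; the function names are illustrative.

```python
import re

# Lines excerpted from the first HijackThis log in this thread (1/9/2006).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\200543131711_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
"""

# Lines excerpted from the log posted after HaxFix had run (1/11/2006, 3:21 PM).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Lakyka\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# "O4 - ...", "O20 - ...", "R0 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O20 notification package: Winlogon Notify: subkey - DLL path
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>.+?) - (?P<dll>.+)$")


def parse_entries(log):
    """Return (section, body) for every HijackThis entry line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review(log):
    """Return (kind, name, target) tuples for entries that deserve a closer look."""
    findings = []
    for section, body in parse_entries(log):
        if section == "O4":
            m = RUN_RE.match(body)
            # An autostart that runs from a Temp directory is unusual for
            # installed software and is what the helper had the poster fix.
            if m and "\\temp\\" in m.group("cmd").lower():
                findings.append(("run-from-temp", m.group("name"), m.group("cmd")))
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            # A Winlogon Notify DLL is loaded by winlogon.exe at every boot,
            # so every entry listed here should be accounted for.
            if m:
                findings.append(("winlogon-notify", m.group("subkey"), m.group("dll")))
    return findings


def subkey_without_digits(subkey):
    """'winm32' -> 'winm', the form the HaxFix prompt in this thread asks for."""
    return re.sub(r"\d", "", subkey)


def resolved(before, after):
    """Findings present in the earlier log that no longer appear in the later one."""
    remaining = set(review(after))
    return [f for f in review(before) if f not in remaining]


if __name__ == "__main__":
    for kind, name, target in review(LOG_BEFORE):
        print(f"{kind:16} {name:18} {target}")
    print("gone after fix:", [name for _, name, _ in resolved(LOG_BEFORE, LOG_AFTER)])
```

Run against the full logs, the same comparison shows the `winm32` notify entry gone after the fix while the `Tray Temperature` Run value still needs removing.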

Colleen
2006-01-12, 02:16
OK.... all of the previous steps are complete. Ewido I cannot post, because it found nothing after a full system scan. As far as my firewall, up until this problem, I had the Windows Firewall. Now, when I try to access it through the control panel, I get the following message: "Due to an unidentifiable problem, Windows cannot display Windows Firewall settings". OK... next big mistake on my part. And as for my antivirus, I cannot get it working either (McAfee). It quit working as soon as this Haxdoor thing came along. I am thinking the only way I can fix that is to reinstall the entire program. I cannot even get it to start up. It says it is searching for a missing file or something. I will get on that right away. Following is my HijackThis log, which is from after all the steps were done. Thank you so so much for all the help. This has been relatively easy to do and has been explained very well. I will continue to recommend your expert help!!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:13:30 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1106094392\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1106094392\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Alarm Works] C:\Program Files\Clock Works\ClockWorks
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099115635283
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134608918374
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
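
Added example (not part of the original thread, and not HijackThis's own code): a small Python pass over HijackThis entry lines that marks the two annotations a reviewer looks at first in a log like the one above, `(file missing)` and `Unknown owner`, and groups the O16 ActiveX entries by the host they were downloaded from. The function names are hypothetical; the sample entries are copied from the log above.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the HijackThis log above (not constructed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O23 - Service: ..."
DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((.*)\) - (\S+)$")

def parse(log_text):
    """Return [(section, body)] for each entry line; other lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log_text):
    """Return {entry: [notes]}; a note is a prompt to look, not a verdict."""
    flagged = {}
    for section, body in parse(log_text):
        notes = []
        if body.endswith("(file missing)"):
            notes.append("orphaned entry: target file is not on disk")
        if section == "O23" and " - Unknown owner - " in body:
            notes.append("no vendor name available for the service binary")
        if notes:
            flagged[f"{section} - {body}"] = notes
    return flagged

def dpf_sources(log_text):
    """Map download host -> names of the ActiveX controls (O16) fetched from it."""
    hosts = {}
    for section, body in parse(log_text):
        m = DPF.match(body) if section == "O16" else None
        if m:
            hosts.setdefault(urlsplit(m.group(2)).hostname, []).append(m.group(1))
    return hosts

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(notes))
    print(dpf_sources(SAMPLE_LOG))
```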

Colleen
2006-01-12, 02:34
I forgot to add, I have run all the spyware/virus programs etc. I have the AOL spyware, ran it, and it comes up with 2 things... WinFix and trojan.evker... I have no pop ups etc, and nothing else has found these but this one scan. I was so hoping this was all over!

illukka
2006-01-12, 08:05
hi

ok looks like the haxdoor has "killed" your antivirus, a reinstall may be the best thing to get it back up, which should be your 1st priority

the virus may have killed windows firewall too, but as it is a weak firewall at its best it is probably better to install a more powerful 3rd party firewall, i'll post some suggestions on it

AOL antispyware may have a false positive, if no other scanner picks it up...

anyway the log is clean

here some suggestions on how to keep it that way:



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

LonnyRJones
2006-01-15, 14:31
I'm glad we could help
Since the problems are solved I'm going to close the topic now, this keeps others with similar problems from posting their logs/question here, they should start a new topic.
If you should need to post another log for the same PC let one of the forum moderators know.