PDA

View Full Version : Malware removal result [LOGS]


joey_md
2006-03-28, 17:33
Hello there, Well Tashi hope this is right.
These are the resultas i got:

1.- HijackThis1: :scratch:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:19, on 28/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Archivos de programa\Palm\HotSync.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-us\msntb.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HotSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138942866826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138945075293
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.globalwebsearch.com/winenc32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{851DA4C1-65FF-4F09-AD91-3A7BE6248B38}: NameServer = 166.114.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe

2.- HijackThis2: :scratch:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:19, on 28/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Archivos de programa\Palm\HotSync.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-us\msntb.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HotSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138942866826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138945075293
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.globalwebsearch.com/winenc32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{851DA4C1-65FF-4F09-AD91-3A7BE6248B38}: NameServer = 166.114.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe

4.- Panda: :scratch:
Adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32dfrgsrv.exe
Adware:adware/ilookup Not disinfected
C:\WINDOWS\SYSTEM32winenc32.dll
Adware:Adware/Sqwire Not disinfected
C:\Archivosdeprograma\commonfiles\fimk\fimkd\fimkc.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\DownloadedInstallations\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\DownloadedInstallations\smitRem.exeProcess.exe]
Adware:Adware/ILookup Not disinfected
C:\WINDOWS\DownloadedProgramFiles\winenc32.inf
Adware:Adware/ILookup Not disinfected
C:\WINDOWS\system32winenc32.dll
_________________________________________________________________

I got a total of more then 25 infected files, and all the junk that was poping up is gone!!!!!!!!!!!!!!!!!!!!!
Panda stated there was some more.
Any way thanks Tashi, u just made it in my top 5 Prayer List:angel:
Hope this is the right place and way to do this. did i miss or omit some thing, what suggestions do u guys have.
Thx for your time and help
CalamityJane
2006-03-30, 23:53
Hi joey,

Could you also post the log from Ewido scan and the Smitfile.txt (located on your hard drive)

Did you happen to delete the infected files that Panda found? The SmitRem tool should have deleted some of those (which is why I need to see the Smitfiles.txt log)
joey_md
2006-03-31, 08:07
Yes here u go, sorry to make u come and go and come back, thanks
Joey

Smit file:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Versi¢n 5.1.2600]

Running from
C:\WINDOWS\Downloaded Installations\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb
hp***.tmp


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1336 'explorer.exe'
Killing PID 1336 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ld****.tmp
ncompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)


Ewido file:

---------------------------------------------------------
ewido anti-malware - Report de exploración
---------------------------------------------------------

+ Creado en: 5:25:41, 28/03/2006
+ Report-Checksum: 89C7AC02

+ Scan result:

HKU\S-1-5-21-1715567821-1275210071-1801674531-1003\Software\CashFiesta -> Adware.CashFiesta : Limpio con backup
HKU\S-1-5-21-1715567821-1275210071-1801674531-1003\Software\CashFiesta\Cashfiesta -> Adware.CashFiesta : Limpio con backup
HKU\S-1-5-21-1715567821-1275210071-1801674531-1003\Software\CashFiesta\Cashfiesta\Config -> Adware.CashFiesta : Limpio con backup
HKU\S-1-5-21-1715567821-1275210071-1801674531-1003\Software\CashFiesta\Cashfiesta\Install -> Adware.CashFiesta : Limpio con backup
HKU\S-1-5-21-1715567821-1275210071-1801674531-1003\Software\CashFiesta\Cashfiesta\Update -> Adware.CashFiesta : Limpio con backup
C:\Archivos de programa\common files\fimk\fimkp.exe -> Adware.Xupiter : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@2o7[2].txt -> TrackingCookie.2o7 : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@e-2dj6wfkyald5sao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@e-2dj6wfmiahczcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@e-2dj6wjlygodjceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@questionmarket[1].txt -> TrackingCookie.Questionmarket : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@z1.adserver[1].txt -> TrackingCookie.Adserver : Limpio con backup
C:\WINDOWS\Downloaded Installations\cfshtie.dll -> Adware.CashFiesta : Limpio con backup
C:\WINDOWS\Downloaded Installations\Impcfw.dll -> Adware.CashFiesta : Limpio con backup
C:\WINDOWS\Downloaded Installations\ProcMod.dll -> Adware.CashFiesta : Limpio con backup


::Fin Report


ewido file 2

--------------------------------------------------------
ewido anti-malware - Report de exploración
---------------------------------------------------------

+ Creado en: 12:29:47, 28/03/2006
+ Report-Checksum: C8E0429

+ Scan result:

C:\Documents and Settings\USUARIO\Cookies\usuario@2o7[1].txt -> TrackingCookie.2o7 : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Limpio con backup
C:\Documents and Settings\USUARIO\Cookies\usuario@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Limpio con backup


::Fin Report
CalamityJane
2006-03-31, 16:04
SmitRem could not delete these two files:
ld****.tmp
ncompat.tlb

Did you run SmitRem in Safe Mode? If not, please try that. and post a fresh log from Smitfiles.txt back here.
joey_md
2006-03-31, 18:37
SmitRem could not delete these two files:
ld****.tmp
ncompat.tlb

Did you run SmitRem in Safe Mode? If not, please try that. and post a fresh log from Smitfiles.txt back here.



Here you go smitfile of today in safe mode. were the other things okay??? or should i do every thing one more time and post results?? Any way thank Calamity

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Versi¢n 5.1.2600]

Running from
C:\WINDOWS\Downloaded Installations\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ld****.tmp


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)




Very gratefully :bigthumb:
Joey_md
CalamityJane
2006-03-31, 18:50
That got it :bigthumb:

Yes the rest looked ok, but I would recommend a Panda Scan as it may find some remnants (it may not be able to remove them, but save the scan log and post the results back here)

Can you post a fresh HijackThis log as well please? Just want to double check.
joey_md
2006-04-01, 06:10
That got it :bigthumb:

Yes the rest looked ok, but I would recommend a Panda Scan as it may find some remnants (it may not be able to remove them, but save the scan log and post the results back here)

Can you post a fresh HijackThis log as well please? Just want to double check.



Panda file 31/03/06 23:00
Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@apmebf[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@did-it[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@landing.domainsponsor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@realmedia[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@webpower[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@apmebf[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@did-it[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@landing.domainsponsor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@realmedia[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\USUARIO\Cookies\usuario@webpower[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\Downloaded Installations\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\Downloaded Installations\smitRem.exe[Process.exe]
Hijack file 31/03/06 22:57

Logfile of HijackThis v1.99.1
Scan saved at 22:57:54, on 31/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe
C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Palm\HotSync.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-us\msntb.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.03.0000.1005\es-us\msnappau.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HotSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138942866826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138945075293
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{851DA4C1-65FF-4F09-AD91-3A7BE6248B38}: NameServer = 166.114.10.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{296445FF-6827-498D-8BA3-8AB6E7392F02}: NameServer = 200.105.133.70 200.105.133.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe

Once again thank u!!!!!! your my Angel :angel:

so what do u suggest, repeat this every so often, or just log on and look for what is new????
CalamityJane
2006-04-01, 16:04
No, you do not need to repeat this again - your logs look clean.

Panda only found some minor cookies (they can't infect) but you can delete those manually if you wish. You can delete the SmitRem folder too, we're done with that now.

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

"So, how did I get infected in the first place?" (by Tony Klein)
http://forums.spybot.info/showthread.php?t=279

Important!You need to get service pack 2 for XP and IE Please be sure to visit Windows Update - get ALL the critical security updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
http://v4.windowsupdate.microsoft.com/en/default.asp

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
joey_md
2006-04-02, 10:36
God bless u Calamity, thank u very much. it is refreshing to know that it is okay to not be comp. savy after all, and that are people out there that i can help. I felt very inept with comp & technology in general after last year that i couldn't set up my sister home entertaiment center and i forget what computer program....:scratch: . then my 11 year old nephew set up both in less then 15 min before dinner,:eek: after this mother told him that i was most of the afternoon playing around with both equipment..... i became my father that night.... technology passed me by. Thanks for making this process less painfull.
I now that this may sound a bit melodramatic but u si i used to be like my nephew, could open and take apart a Tv or radio and put it back together... u name it. but i guess it will happen to all of us one day.:D
Thanks
joey_md
LonnyRJones
2006-04-05, 13:27
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me, CalamityJane or Tashi know.