Hello,
There are some problems with my computer, I think there is several spyware on my computer, including: DeluxeCommunication, DoubleClick, Atdmt and Mediaplex.
I tried several options like Antyspyware sweap from Spybot, Trojan Remover, Anti Virus from several suppliers...
Stil I have pop-ups and my computer is very slow. Can you help me?
Thank you!
Logfile of HijackThis v1.99.1
Scan saved at 16:41:45, on 2-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Comodo\Comodo AntiVirus\CavSn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\DOCUME~1\Jur\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1043&_lang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [rrn89e39] RUNDLL32.EXE w14fdac2.dll,n 00689e330000000a14fdac2
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Dvvp] C:\Documents and Settings\Jur\Application Data\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [Rnoo] "C:\WINDOWS\system32\SSTEM~1\arpa.exe" -vt ndrv
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
Hi jurgen and welcome to Safer Networking Forums :)
You got some infections there...
Please download HijackThis to your desktop from here -> HijackThis 1.99.1 (http://downloads.malwareremoval.com/HijackThis.exe)
Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Hey Mr Jak3!
Thanks for the advise!
I followed your steps and this are the logfiles:
Combofix:
Jur - 06-11-03 9:36:24,37 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Jur\Bureaublad\HijachThis"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Jur\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Jur\Application Data\Dxcuknwrd.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\outlook
C:\Program Files\Common Files\{303552BF-063C-1043-0704-06060411001f}
C:\Program Files\Common Files\{603552BF-063C-1043-0704-06060411001f}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Jur\Application Data\SSTEM~1
C:\QooBox\Purity\Documents and Settings\Jur\Application Data\SSTEM~1\w?crtupd.exe
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1\SSTEM~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))
2006-11-02 11:53 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2006-11-02 11:53 55,424 --a------ C:\WINDOWS\system32\drivers\cavasm.sys
2006-11-02 10:08 69,120 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2006-11-02 10:08 61,056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2006-11-01 15:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-01 15:14 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-01 15:14 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-31 21:35 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-31 21:35 3,440 --a------ C:\WINDOWS\undo.reg
2006-10-31 21:35 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-31 14:55 2 --a------ C:\WINDOWS\system32\wapicc.exe
2006-10-31 14:52 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-31 14:52 1,259 --a------ C:\WINDOWS\system32\rrn89e39.sys
2006-10-26 19:42 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-26 19:41 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-26 19:41 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-26 19:41 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-26 19:41 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-26 19:38 913,280 --a------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2006-10-26 19:38 7,136 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2006-10-26 19:38 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-26 19:38 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-26 19:38 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-26 19:38 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-10-26 19:38 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-26 19:38 2,180,096 --a------ C:\WINDOWS\system32\drivers\LVSVF2.sys
2006-10-26 19:38 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-26 19:35 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-26 16:59 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-26 16:59 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-26 16:59 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-26 15:59 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-26 14:34 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-03 09:36 -------- d-------- C:\Program Files\Common Files
2006-11-02 16:59 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-02 16:32 -------- d-------- C:\Program Files\SpywareBlaster
2006-11-02 12:18 -------- d-------- C:\Documents and Settings\Jur\Application Data\Skype
2006-11-02 11:54 -------- d-------- C:\Program Files\Comodo
2006-11-02 11:53 -------- d-------- C:\Program Files\Trustix
2006-11-02 10:10 -------- d-------- C:\Documents and Settings\Jur\Application Data\Comodo
2006-11-02 09:50 -------- d-------- C:\Program Files\Trojan Remover
2006-11-01 15:38 -------- d-------- C:\Program Files\Windows Media Player
2006-11-01 15:34 -------- d-------- C:\Program Files\Internet Explorer
2006-11-01 15:31 -------- d-------- C:\Program Files\Outlook Express
2006-11-01 15:31 -------- d-------- C:\Program Files\Common Files\System
2006-11-01 15:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-11-01 15:29 -------- d-------- C:\Program Files\Messenger
2006-11-01 14:41 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-01 12:02 -------- d-------- C:\Program Files\Google
2006-11-01 11:59 -------- d-------- C:\Program Files\LimeWire
2006-11-01 11:08 -------- d---s---- C:\Documents and Settings\Jur\Application Data\Microsoft
2006-10-31 21:35 -------- d-------- C:\Documents and Settings\Jur\Application Data\Simply Super Software
2006-10-31 21:28 -------- d-------- C:\Documents and Settings\Jur\Application Data\Sun
2006-10-31 19:48 -------- d-------- C:\Documents and Settings\Jur\Application Data\Lavasoft
2006-10-31 19:47 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-31 19:43 -------- d-------- C:\Program Files\Lavasoft
2006-10-31 19:42 -------- d-------- C:\Program Files\Picasa2
2006-10-31 18:58 -------- d-------- C:\Program Files\Online Services
2006-10-31 18:58 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-31 16:31 -------- d-------- C:\Documents and Settings\Jur\Application Data\AVG7
2006-10-31 15:39 -------- d-------- C:\Program Files\Incomplete
2006-10-31 08:54 -------- d-------- C:\Documents and Settings\Jur\Application Data\Adobe
2006-10-31 08:53 -------- d-------- C:\Documents and Settings\Jur\Application Data\AdobeUM
2006-10-31 08:52 -------- d-------- C:\Program Files\Adobe
2006-10-28 17:19 -------- d-------- C:\Program Files\Java
2006-10-28 17:18 -------- d-------- C:\Program Files\Common Files\Java
2006-10-26 19:38 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-26 17:15 -------- d-------- C:\Program Files\MSN Messenger
2006-10-26 15:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-26 14:55 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-26 14:33 -------- d-------- C:\Program Files\Microsoft Office
2006-10-26 14:33 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-26 14:32 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-26 14:24 -------- d-------- C:\Documents and Settings\Jur\Application Data\Google
2006-10-26 14:12 -------- d-------- C:\Program Files\Skype
2006-10-26 14:02 -------- d-------- C:\Documents and Settings\Jur\Application Data\Macromedia
2006-10-26 13:58 -------- d-------- C:\Program Files\Grisoft
2006-10-26 13:54 -------- d-a------ C:\Program Files\Norton Virusscanner (Nis2006)
2006-10-26 13:54 -------- d-a------ C:\Program Files\FirstSteps
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Dvvp"="C:\\Documents and Settings\\Jur\\Application Data\\s?stem\\w?crtupd.exe"
"Rnoo"="\"C:\\WINDOWS\\system32\\SSTEM~1\\arpa.exe\" -vt ndrv"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SMSERIAL"="sm56hlpr.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"rrn89e39"="RUNDLL32.EXE w14fdac2.dll,n 00689e330000000a14fdac2"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"cnfgCav"="\"C:\\Program Files\\Comodo\\Comodo AntiVirus\\CMain.exe\" \" /login\""
"Comodo Launch Pad Tray"="C:\\Program Files\\Comodo\\LaunchPad\\CLPTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-03 9:38:46.48
C:\ComboFix.txt ... 06-11-03 09:38
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 9:42:01, on 3-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Jur\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1043&_lang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [rrn89e39] RUNDLL32.EXE w14fdac2.dll,n 00689e330000000a14fdac2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKCU\..\Run: [Dvvp] C:\Documents and Settings\Jur\Application Data\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [Rnoo] "C:\WINDOWS\system32\SSTEM~1\arpa.exe" -vt ndrv
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
I have no idea what it means. Does this mean that the problems are fixed?
By the way, after I posted the first thread I succesfully removed DeluxeCommunication from my computer by the menu Ad/Remove software.
What I didn't mension the first time, I get always a nitification by starting WIndows. This is the following:
'There has been found a problem by starting w14fdac2.dll. Can not find the module.' (Translated from Dutch)
Do you maybe know how to fix this problem?
Thanks for all the help so far!:)
greetz Jurgen
Hi again, we'll continue :)
You have some Enigma Software Group's programs installed. it has a suspicious reputation and I recommend that you remove all of it's programs via Control Panel, Add/Remove Programs
If you remove those, please remove the following folder too, C:\Program Files\Enigma Software Group More info here -> Link (http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note)
Do you know anything about the following folders ?
C:\Program Files\Incomplete
C:\Program Files\FirstSteps
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Please download HijackThis to your desktop from here -> HijackThis 1.99.1 (http://downloads.malwareremoval.com/HijackThis.exe)
Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
Then, make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :
REGEDIT4
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Dvvp"="-
"Rnoo"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"rrn89e39"=-
"Alcmtr"=-
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O4 - HKLM\..\Run: [rrn89e39] RUNDLL32.EXE w14fdac2.dll,n 00689e330000000a14fdac2
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Dvvp] C:\Documents and Settings\Jur\Application Data\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [Rnoo] "C:\WINDOWS\system32\SSTEM~1\arpa.exe" -vt ndrv
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\wmpns.dll
C:\WINDOWS\system32\rrn89e39.sys
Use the Windows search Start
Search
All files and folders
More advanced options Checkmark these options: "Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: w14fdac2.dll
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log
Thanks so far! I did what you suggested to do.
The programs
C:\Program Files\Incomplet: these are documents left from Limewire. Incomplete downloads. I deleted those from my Program Files.
C:\Program Files\FirstSteps: there are documents that I received from my computer supplyer. These are guidens documents trough the computer options. I left these folders in place.
After I rebooted my computer in safe mode I didn't find the folder C:\WINDOWS\system32. There where other documents like C:\WINDOWS\1386 and C:\WINDOWS\system.
Also I didn;t found the folder: C:\WINDOWS\system32\rrn89e39.sys
The document wmpns.dll I did found in the folder C:\WINDOWS\1386. (I was not sure so I didn't remove this folder)
Finally I didn't found: w14fdac.dll. After I finished in Save Mode I started Windows again I didn't got the pop-up anymore! Very nice!
For your information: I don't use FireFox and Opera bowsers on my computer.
I run HijackThis and I fixed the three problems you suggested.
I also installed Anty Spyware program from AVG and the following log presented:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:00:16 5-11-2006
+ Scan result:
C:\System Volume Information\_restore{28D617AA-B4F3-4060-9BC2-85D787C0CC48}\RP2\A0000336.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{28D617AA-B4F3-4060-9BC2-85D787C0CC48}\RP2\A0000337.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{28D617AA-B4F3-4060-9BC2-85D787C0CC48}\RP2\A0000338.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\nwnmff_e44.exe_tobedeleted -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{28D617AA-B4F3-4060-9BC2-85D787C0CC48}\RP2\A0000361.exe -> Dropper.Small : Cleaned with backup (quarantined).
::Report end
The new HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 16:35:41, on 5-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Jur\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1043&_lang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
Well, for so far. I did entered all your suggestions and there were no problems. And how are my problems doing? Are those fixed or still running on my computer?
Thanks mate!:)
greetz Jurgen
Hi again, it is looking quite good :)
How is the pc running ?
You did the right thing with those folders and files.
Open HijackThis.
Open the Misc Tools section
Delete a file on Reboot
Copy the following line to the filenamebox and press Open; C:\WINDOWS\system32\rrn89e39.sys
Answer Yes and allow to do a reboot.
if the computer doesn't reboot, do it yourself.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post along with a fresh HijackThis log.
My computer is working very nice! It is fast and no errors anymore! Tnx for that!:)
I was wondering what I shall do with all those new and old programs like:
AVG Anti Spyware
ATF Cleaner
Karpersky
Comodo Antivirus
SpyBlaster
Combofix
Norton Antivirus
Trojan Remover
etcetera...
What program can I remove and what program is important to use frequently?
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 06, 2006 12:24:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/11/2006
Kaspersky Anti-Virus database records: 238592
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 39441
Number of viruses found: 7
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:44
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\OnAccess\inflist.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD67191.dll Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CC81487.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EB55868.htm Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FBD4BAB.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD04795.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FE76D7C.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7015394A.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\735261B9.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Jur\Application Data\Microsoft\Sjablonen\Normal.dot Object is locked skipped
C:\Documents and Settings\Jur\Bureaublad\Mr Jak step 3 Hi again.doc Object is locked skipped
C:\Documents and Settings\Jur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Geschiedenis\History.IE5\MSHist012006110620061107\index.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\Perflib_Perfdata_5e8.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\Perflib_Perfdata_da0.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\Perflib_Perfdata_da8.dat Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\~DF11F.tmp Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\~DF5AB8.tmp Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\~DFA6E9.tmp Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temp\~DFA9F1.tmp Object is locked skipped
C:\Documents and Settings\Jur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Comodo\common\CAVASpy\cavasm.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{28D617AA-B4F3-4060-9BC2-85D787C0CC48}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{48A106B9-D093-475F-B947-922C4538EACC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{840FC880-5028-45BE-BD0D-AD0FFD77400E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 12:30:40, on 6-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jur\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1043&_lang=NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" " /login"
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
Hi again, looks clean now :)
ATF Cleaner is good for housekeeping (it cleans the not required garbage)
AVG Anti Spyware is a good malware scanner.
SpywareBlaster is a good protector and it doesnt use memory.
You have two (2) antiviruses installed and running, AVG Antivirus and Comodo. Running more that one antivirus at the same time may cause all kinds of problems and is NOT recommended.
You should leave only one (1) antivirus running. You should uninstall/disable either AVG Antivirus or Comodo. When you have decided, you can uninstall your choice through Control Panel, Add/Remove Programs..
Please notice that your Comodo includes a firewall and if you decide to remove it, you must install a new firewall too. In that case these are good and free firewalls:Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm), ZoneAlarm (http://www.zonelabs.com/), Sygate (http://http://www.majorgeeks.com/download.php?det=3356), Outpost (http://www.majorgeeks.com/download.php?det=1056)
You can remove ComboFix and the following quarantine folder, C:\QooBox
Kaspersky is an online scanner, it is not really installed to your computer.
If you have norton installed, you may want to remove it since you should only have 1 antivirus running at the same time. I can't see any components from Norton running in HijackThis log.
Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Read this article by TonyKlein (http://castlecops.com/postlite7736-.html)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Cheers