Results 1 to 7 of 7

Thread: Strange behavior

  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    40

    Default Strange behavior

    Hello everyone,

    Last night my web browser was acting a bit strange. When I click on a link from a search engine it takes me to an entirely different website. After about three clicks on the link it finally goes to where I want. So far I have been lucky enough that it hasn't taken me to any dubious and distasteful websites. Would you be so kind as to look at these log files and give me some advice ?

    Active Panda Scan
    Incident Status
    Location


    Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
    Potentially unwanted tool:Application/Processor Not disinfected C:\Battle of Britain II\Process.exe
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula

    (I noticed that the Panda scan said it found a dialler but it dose not appear in the log file ?)

    Logfile of HijackThis v1.99.1
    Scan saved at 21:05:03, on 05/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\AceGain\LiveUpdate\aceagent.exe
    C:\Documents and Settings\Dad\My Documents\Unzipped\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Thank you very much
    Last edited by tashi; 2006-11-05 at 23:40. Reason: Removed email address in Panda

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to the forum, I do not see any malware in this log. I do however, see your Java program is out of date and that will get you infected.
    See this information: http://forums.spybot.info/showpost.p...80&postcount=2

    If you want to look, then do this:

    1) Run that Panda scan again, have it remove anything it locates, post the scan results so I can see them.

    2) Download and run AVG Anti-Spyware, make sure you follow the instructions in the turorial and delete or at least quarantine what it locates. I need to see the scan report.http://www.virusvault.co.uk/fusionbb...ic.php?tid/33/
    Thanks to John McKenna for the tutorial.

    3) Post the results of the two scans and a new HJT log.

    Thanks

  3. #3
    Member
    Join Date
    Nov 2006
    Posts
    40

    Default

    Thank for for your advice. Log files are as follows

    Panda

    Adware:adware/megatds Not disinfected Windows Registry
    Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
    Potentially unwanted tool:Application/Processor Not disinfected C:\Battle of Britain II\Process.exe
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@advertising[2].txt
    Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@adviva[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@atdmt[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@bluestreak[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@bs.serving-sys[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@doubleclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@overture[2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@questionmarket[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Paula Debling\Cookies\paula debling@serving-sys[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@247realmedia[1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@adopt.hbmediapro[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@ads.pointroll[1].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@adtech[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@as-us.falkag[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@atdmt[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@bs.serving-sys[2].txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@c.enhance[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@casalemedia[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@com[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@fastclick[1].txt
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@findwhat[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@questionmarket[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sean Debling\Cookies\sean debling@serving-sys[2].txt
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Sean Debling\My Documents\Unzipped\hijackthis\backups\backup-20060615-122223-938-PowerReg Scheduler.exe
    Dialer:Dialer.NQ Not disinfected C:\winhelp.chm[/d_tony1.exe]

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 01:21:40 12/11/2006

    + Scan result:

    [216] VM_00D60000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    [240] VM_00D00000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    [744] VM_009C0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    [840] VM_00BF0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@adservices6.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@e-2dj6wfk4wpczaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Paula Debling\Cookies\paula debling@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Sean Debling\Cookies\sean debling@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

    ::Report end

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    40

    Default Log file pII

    Logfile of HijackThis v1.99.1
    Scan saved at 01:33:09, on 12/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\AceGain\LiveUpdate\aceagent.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sean Debling\My Documents\Unzipped\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: GT3 Calendar.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3calendar.exe
    O4 - Startup: GT3 cpu monitor.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 cpu monitor.exe
    O4 - Startup: GT3 digital clock.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 digital clock.exe
    O4 - Startup: GT3 recycle bin.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 recycle bin.exe
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  5. #5
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning the information. This is what I see in the first log:
    Panda
    kill&clean Not disinfected <<< results of using a rouge spyware program, see this:
    http://www.castlecops.com/o9list-174.html

    Potentially unwanted tool:Application/Processor Not disinfected C:\Battle of Britain II\Process.exe
    pup that appears to be part of a game, you can check here to make sure it is not infected: http://virusscan.jotti.org/

    Bunch of cookies, they can be controlled, if you need information showing you how to do that let me know.

    C:\Documents and Settings\Sean Debling\My Documents\Unzipped\hijackthis\backups\backup-20060615-122223-938
    HJT backups, you can remove that.

    Dialer:Dialer.NQ Not disinfected C:\winhelp.chm[/d_tony1.exe]
    check the file and delete it manually if it scans bad.

    AVG Anti-Spyware
    Downloader.Agent.uj << this is Wareout, we probably want to run the tool though nothing shows in the HJT log.

    Looks like the program cleaned the cookies for you.

    I see no malware problems in the HJT log, let's run the fix for Wareout to make sure nothing is hiding from us.

    Download FixWareout from one of these sites:

    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your Desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts.

    Post the results of that scan and let me know of any issues.

    Thanks

  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    40

    Default

    Results of the scans are as follows...


    Fixwareout ver 1.003
    Last edited 8/11/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0301827B87C8-2B0A-EDD4-1DF6-26C85901{
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pfimd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    "dmifp.exe"=-
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\CSKVK.EXE 51,803 2006-11-05
    C:\WINDOWS\SYSTEM32\DMIFP.EXE 60,948 2004-08-04

    Other suspects.
    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:22, on 12/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AceGain\LiveUpdate\aceagent.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
    C:\Documents and Settings\Sean Debling\My Documents\Unzipped\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: GT3 Calendar.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3calendar.exe
    O4 - Startup: GT3 cpu monitor.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 cpu monitor.exe
    O4 - Startup: GT3 digital clock.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 digital clock.exe
    O4 - Startup: GT3 recycle bin.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\GT3 recycle bin.exe
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Tried the google links last night and they appear to be working just fine. Thanks ever so much for taking time out in your busy schedule to fix my little problemm

  7. #7
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your information and the feedback. I was wondering if you had tried to remove this infection (Wareout) by another means? It is a bit unusual to see no signs in the HJT log, and only the marker in the AVG A/S let me know it was there. If that takes care of your problem, the HJT log looks clean so I would say you are good to go.

    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Safe surfing...tashi will close your topic in a few days.

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •