New computer running suspiciously slow. (Log inside)

Unknown
edited January 2006 in Spyware & Virus Removal
Hello, hopefully you guys will be able to help me sort this computer out.

Details posted below, ignore to go right to the Hijackthis log.



Tis a new (about 3 month old) Dell (we needed a good enough desktop quickly - that's my excuse) 3100.

Recently (last week or so) it's been running rather slow. And the booting up is also taking quite a while.

I've ran Adaware, which returns nothing major.
I've ran AVG, which has nothing.
Microsoft Spyware thing, which returns nothing.
Trend Micro spyware thing, which returns nothing major.

I ran CWShredder, which returned a variant, CW.Msconfig (or something like that, it was definetly Msconfig). So I got rid of that (with CWShredder).

Every now and then, I get an Internet Explorer window pop up with an advertisement offering some sort of computer scan for spyware. I can't remember the link/name, but I'll update the post when I see it again!

I was editing something in my registry, and noticed this strange entry named "MyWaySA" with a subfolder named "SearchAssistantDE". My google searches brought me here. So here I am. Posted below is a recently Hijackthis scan log. I basically want to know if I have anything to worry about..


C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ABC\ABC.exe
C:\Program Files\Trend Micro\Tmas\tmas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex Frew\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-config.strath.ac.uk/proxy.config
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\gebyw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132591506578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59819F07-76FB-4E65-B233-6C693586BDAE}: NameServer = 212.74.112.66,212.74.112.67
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

EDIT - (That was my full hijackthis log?)

Comments

  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited January 2006
    You need to post the entire log in your next reply.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
      VundoFix V2.1 by Atri
      By pressing enter you agree that you are using this at your own risk.
    • At this point press enter one time.
    • Next you will see:
      Type in the filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
    • At this point please type the following file path (make sure to enter it exactly as below!):

        C:\WINDOWS\system32\gebyw.dll

      [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
      [*] Next you will see:
      Please type in the second filepath as instructed by the forum staff
      Then Press Enter, Then F6, Then Enter Again to continue with the fix.
      [*]At this point please type the following file path (make sure to enter it exactly as below!):

        C:\WINDOWS\system32\wybeg.*



        [*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

        [*]The fix will run then HijackThis will open.
        [*]In HijackThis, please place a check next to the following items and click FIX CHECKED:

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

          O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\gebyw.dll

          O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll



          [*]After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
          [*]Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
          [*]Once your machine reboots please continue with the instructions below.


          Then, please run this online virus scan: ActiveScan

          Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
        • [A13X]
          edited January 2006
          Well, I managed to type in the two file paths. Then when I pressed enter the utility told me this :

          "Killing Processes.

          File not found - C:\WINDOWS\system32\gebyw.dll
          Attempting to Delete C:\WINDOWS\system32\gebyw.dll

          File not found - C:\WINDOWS\system32\wybeg.*
          Attempting to delete infected ini's and bak's
          Fixing Registry

          Opening Hijack This
          If Hijack This does not open automatically,
          please locate and open it manually"

          Then a window opens with hijackthis.exe in the top blue bar and the box says :
          "Windows cannot find 'hijackthis.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

          However, computer locks up after this - Only lets me see the dos screen. I have to do a hardreboot.
        • [A13X]
          edited January 2006
          I then just rebooted, and went straight into Hijackthis and checked all the things you said, now I'm running the Panda activescan.

          A bit worrying, did this 3 days ago and got nothing and I'm on 48 Spyware and 1 hacking tool at the moment.. Guess I could drop a bowl of water on the computer and send it back to Dell..
        • [A13X]
          edited January 2006
          Hijackthis log

          Logfile of HijackThis v1.99.1
          Scan saved at 03:23:07, on 09/01/2006
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
          C:\WINDOWS\system32\Rundll32.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\Program Files\Dell Support\DSAgnt.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\WINDOWS\system32\devldr32.exe
          C:\DOCUME~1\ALEXFR~1\LOCALS~1\Temp\clclean.0001
          C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\Program Files\Mozilla Thunderbird\thunderbird.exe
          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Documents and Settings\Alex Frew\Desktop\hijackthis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-config.strath.ac.uk/proxy.config
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
          O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
          O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
          O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
          O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132591506578
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
          O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{59819F07-76FB-4E65-B233-6C693586BDAE}: NameServer = 212.74.112.66,212.74.112.67
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
          O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
          O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe



          Vundofix.txt file


          killvundo.bat
          process.exe
          ReadMe.txt
          vundo.reg
          vundofix.txt

          Filepaths entered

          The filepath entered was C:\WINDOWS\system32\gebyw.dll

          The second filepath entered was C:\WINDOWS\system32\wybeg.*

          Log from Process


          Killing PID 592 'smss.exe'

          Killing PID 1632 'explorer.exe'
          Killing PID 1632 'explorer.exe'

          Killing PID 1972 'rundll32.exe'

          Killing PID 668 'winlogon.exe'

          C:\WINDOWS\system32\gebyw.dll Deleted sucessfully.
          C:\WINDOWS\system32\wybeg.* Deleted sucessfully.

          Fixing Registry


          Panda Log


          Incident Status Location

          Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex Frew\Cookies\alex [email]frew@atdmt[1].txt[/email]
          Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.tribalfusion.com/]
          Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[c.fsx.com/]
          Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.adultfriendfinder.com/]
          Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.sextracker.com/]
          Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.toplist.cz/]
          Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[counter6.sextracker.com/]
          Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.cs.sexcounter.com/]
          Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.sexlist.com/]
          Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[counter15.sextracker.com/]
          Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.2o7.net/]
          Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.doubleclick.net/]
          Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.apmebf.com/]
          Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.mediaplex.com/]
          Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.hitbox.com/]
          Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.ehg-micron.hitbox.com/]
          Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.atdmt.com/]
          Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.as-us.falkag.net/]
          Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.linksynergy.com/]
          Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[ad.yieldmanager.com/]
          Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.adopt.hbmediapro.com/]
          Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.xmts.net/]
          Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.realmedia.com/]
          Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.statcounter.com/]
          Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.burstnet.com/]
          Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.yadro.ru/]
          Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.spylog.com/]
          Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.com.com/]
          Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.advertising.com/]
          Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.casalemedia.com/]
          Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.fastclick.net/]
          Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.questionmarket.com/]
          Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.sexlist.com/]
          Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.adultfriendfinder.com/]
          Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.valueclick.com/]
          Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.zedo.com/]
          Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.tradedoubler.com/]
          Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.xiti.com/]
          Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.adviva.net/]
          Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.adtech.de/]
          Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.bluestreak.com/]
          Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[statse.webtrendslive.com/]
          Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.webpower.com/]
          Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.247realmedia.com/]
          Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[.maxserving.com/]
          Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt[]
          Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Alex Frew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-2cb7cc7b-37297d1f.zip[InstallerApplet.class]
          Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex Frew\Cookies\alex [email]frew@atdmt[1].txt[/email]
          Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Alex Frew\Desktop\VundoFix\VundoFix\process.exe
        • [A13X]
          edited January 2006
          Oh, and both that hijackthis log and my original one were both the full ones. I don't know what you mean when you said "You need to post the entire log in your next reply."... *looks blank*
        • CrunchieCrunchie Mandurah. Western Australia. Member
          edited January 2006
          [A13X] wrote:
          Oh, and both that hijackthis log and my original one were both the full ones. I don't know what you mean when you said "You need to post the entire log in your next reply."... *looks blank*
          Take a look at the difference. No header in the first one and a lot of the running processes were missing, as well as the 023 entry :D.

          Please download the trial version of Ewido anti-malware here:
          http://www.ewido.net/en/download/
          Install it, and update the definitions to the newest files. Do NOT run a scan yet.
          Next, please reboot your computer in Safe Mode by doing the following:
          1) Restart your computer
          2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
          3) Instead of Windows loading as normal, a menu should appear
          4) Select the first option, to run Windows in Safe Mode.

          For additional help in booting into Safe Mode, see the following site:
          http://www.pchell.com/support/safemode.shtml

          Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

          Save the logfile from the scan. Restart your computer in normal mode and please post the log from the Ewido scan.

          I reckon that will clean up most of what Panda found.
        • [A13X]
          edited January 2006
          Hello again. Just did that scan, log follows:
          ewido anti-malware - Scan report

          + Created on: 13:59:49, 09/01/2006
          + Report-Checksum: 892F972B

          + Scan result:

          :mozilla.11:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
          :mozilla.12:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
          :mozilla.13:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
          :mozilla.16:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
          :mozilla.17:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
          :mozilla.18:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
          :mozilla.24:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
          :mozilla.25:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
          :mozilla.35:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
          :mozilla.36:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
          :mozilla.37:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
          :mozilla.38:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
          :mozilla.44:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
          :mozilla.45:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.46:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.47:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.48:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.49:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.50:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
          :mozilla.56:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
          :mozilla.57:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
          :mozilla.62:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.63:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.64:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.65:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.66:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.67:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.68:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.69:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.70:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.71:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.72:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.73:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.74:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.75:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.76:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.77:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.78:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.79:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.80:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.81:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.82:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.83:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.84:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.85:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.86:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.87:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
          :mozilla.97:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.98:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.99:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.100:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.101:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.102:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.103:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.104:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.105:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.106:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.107:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.108:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.109:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
          :mozilla.190:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
          :mozilla.191:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
          :mozilla.202:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
          :mozilla.203:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
          :mozilla.204:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
          :mozilla.205:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
          :mozilla.206:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
          :mozilla.220:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
          :mozilla.223:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
          :mozilla.224:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
          :mozilla.235:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
          :mozilla.236:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
          :mozilla.237:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
          :mozilla.259:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.260:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.261:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.262:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.263:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.264:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.265:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
          :mozilla.289:C:\Documents and Settings\Alex Frew\Application Data\Mozilla\Firefox\Profiles\hqjwsk7w.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
          C:\Documents and Settings\Alex Frew\Cookies\alex [email]frew@adopt.euroclick[1].txt[/email] -> Spyware.Cookie.Euroclick : Cleaned with backup
          C:\Documents and Settings\Alex Frew\Cookies\alex [email]frew@atdmt[1].txt[/email] -> Spyware.Cookie.Atdmt : Cleaned with backup
          C:\WINDOWS\system32\vturo.dll -> Adware.Virtumonde : Cleaned with backup


          ::Report End
        • CrunchieCrunchie Mandurah. Western Australia. Member
          edited January 2006
          Looks good. How is your PC now?
        • [A13X]
          edited January 2006
          Seems to be running better!

          Thanks a lot! If you're ever in Aberdeen, I'll buy you a pint
        • CrunchieCrunchie Mandurah. Western Australia. Member
          edited January 2006
          Congratulations! Your log looks clean - good work!

          ===============

          Now that your PC is clean you need to follow these easy steps to keeping it this way:

          Secure your Internet Explorer by going here and following the instructions there.

          Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

          Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

          Install and keep updated, Ewido anti-malware, Ad-Aware SE and Spybot S&D.
          Run them both on a regular basis, following the manufacturer's recommendations.

          Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

          Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


          Clear your Temp folders.
          Clear out your Temporary internet files and other temp files.
          Go to Start > Settings > Control Panel >Internet Options.
          Under the General tab click the Delete temporary internet files,
          delete all Offline content as well. Clear out Cookies.

          Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

          Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

          C:\Documents and Settings\username\Local Settings\Temp\

          In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

          Empty the Recycle Bin.

          For XP users.
          After something like this it is a good idea to Flush the Restore Points and start fresh.
          To flush the XP system Restore Points.

          Go to Start>Run and type msconfig. Press enter.

          When msconfig opens, click the Launch System Restore Button.
          On the next page, click the System Restore Settings link on the left.

          Check the box labelled 'Turn off System restore'.

          Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

          Note that all previous restore points will be lost.

          ===============

          If you have any more problems, post back.

          -

          Happy surfing,

          crunchie.
        This discussion has been closed.