Virus through MSN [resolved]

Hi

Today I got a virus on my laptop through MSN. I got a link from a friend saying "is this you?" followed by a link which was supposed to be a photo. When clicking the link I got a virus that was sending this message to everyone in my MSN list automatically. I also got this 888Bar in my Internet Explorer and lots of pop-ups which I usually don't get.

Just made this HijackThis scan. Hopefully someone can help me out.

Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 21:36:18, on 26-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\winstall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SMANTE~1\regsvr32.exe
C:\WINDOWS\system32\S?mantec\m?hta.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJt\HJT\HijackThis.exe
C:\WINDOWS\system32\winstall.exe
C:\WINDOWS\system32\mcnew.exe
C:\WINDOWS\system32\winstall.exe
C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {72BB7EE9-9907-B0D7-2C22-C8CE6ACABFC2} - C:\WINDOWS\system32\qlk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {72BB7EE9-9907-B0D7-2C22-C8CE6ACABFC2} - C:\WINDOWS\system32\qlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soao] "C:\WINDOWS\system32\SMANTE~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Uunvttj] C:\WINDOWS\system32\S?mantec\m?hta.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Comments

  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    R3 - URLSearchHook: (no name) - {72BB7EE9-9907-B0D7-2C22-C8CE6ACABFC2} - C:\WINDOWS\system32\qlk.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {72BB7EE9-9907-B0D7-2C22-C8CE6ACABFC2} - C:\WINDOWS\system32\qlk.dll
    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\winstall.exe
    O4 - HKCU\..\Run: [Soao] "C:\WINDOWS\system32\SMANTE~1\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Uunvttj] C:\WINDOWS\system32\S?mantec\m?hta.exe
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

    [STEP 2] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    C:\WINDOWS\system32\qlk.dll
    C:\WINDOWS\system32\winstall.exe
    C:\WINDOWS\system32\SMANTE~1\regsvr32.exe
    C:\WINDOWS\system32\S?mantec\m?hta.exe

    [STEP 3] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
  • edited November 2006
    Thanks for helping me out. I followed your steps above but couldn't locate the file C:\WINDOWS\system32\qlk.dll. Maybe it's already deleted?

    Here's my new logfile:


    Logfile of HijackThis v1.99.1
    Scan saved at 19:21:05, on 27-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\atievxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJt\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{341CD~1\888Bar.dll (file missing)
    O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{341CD~1\888Bar.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Online Malware Scan:
    There is a file in your log that looks suspicious, but we need to run a test to see whether it is or not. Please go to http://virusscan.jotti.org and submit the following file, and post the results.

    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe

    [STEP 2] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{341CD~1\888Bar.dll (file missing)
    O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{341CD~1\888Bar.dll (file missing)

    [STEP 3] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log, and the results from Jotti.
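
The two "Fix HijackThis Entries" lists above single out entries with visible oddities: unnamed or orphaned browser add-ons, a Run value called `explorer` that launches `winstall.exe`, a `regsvr32.exe` sitting in a subfolder of system32, and a path containing `?`. As an added example (not code from this thread or from HijackThis), the Python sketch below parses log lines copied from the posts and flags those patterns; the rule set, reason labels and the `KNOWN_HOMES` and `SYSTEM_NAMES` tables are assumptions of this example, they are triage hints rather than verdicts, and they do not cover the O16 entry that was also fixed.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {72BB7EE9-9907-B0D7-2C22-C8CE6ACABFC2} - C:\WINDOWS\system32\qlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{341CD~1\888Bar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Soao] "C:\WINDOWS\system32\SMANTE~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Uunvttj] C:\WINDOWS\system32\S?mantec\m?hta.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Assumed normal locations, for a Windows directory at C:\WINDOWS as in these logs.
KNOWN_HOMES = {
    "explorer.exe": r"c:\windows",
    "regsvr32.exe": r"c:\windows\system32",
    "mshta.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
# Run-value names that imitate a system component (assumed list).
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "services", "lsass", "ctfmon"}
# Browser add-on sections where an unnamed or orphaned entry is worth a look.
ADDON_SECTIONS = {"R3", "O2", "O3"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.I)


class Finding(NamedTuple):
    code: str      # HijackThis section code, e.g. "O4"
    target: str    # rest of the log line
    reasons: tuple # labels defined by this example


def check_run_entry(name, cmd):
    """Return reason labels for one O4 autostart entry."""
    reasons = []
    m = EXE_RE.match(cmd)
    if not m:
        return reasons
    path = m.group("path")
    folder, exe = ntpath.split(path.lower())
    # '?' is not legal in a Windows file name, so in a log it stands for a
    # character the tool could not display (a look-alike folder or file name).
    if "?" in path:
        reasons.append("unrenderable-char-in-path")
    home = KNOWN_HOMES.get(exe)
    if home and folder != home:
        reasons.append("system-binary-name-outside-home")
    claimed = ntpath.splitext(name.lower())[0]
    if claimed in SYSTEM_NAMES and ntpath.splitext(exe)[0] != claimed:
        reasons.append("run-name-imitates-system-component")
    return reasons


def triage(log_text):
    """Parse HijackThis entry lines and return those matching a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons = []
        if code in ADDON_SECTIONS:
            if "(no name)" in body:
                reasons.append("unnamed-component")
            if body.endswith(("(no file)", "(file missing)")):
                reasons.append("target-file-absent")
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                reasons = check_run_entry(run.group("name"), run.group("cmd"))
        if reasons:
            findings.append(Finding(code, body, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, ", ".join(f.reasons), "|", f.target)
```

Entries the rules leave alone, such as the Java and Sony autostarts and the orphaned O18 protocol handler, still need a human decision.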
  • edited November 2006
    Virusscan Jotti results

    File: Update.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 95da98f474ee10694abaa3271060fb4d
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found Adware.Mediaback.C
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found Dloader.K!tr
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Logfile of HijackThis v1.99.1
    Scan saved at 21:51:18, on 27-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\HJt\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    Please Download Killbox from this site and extract it to your desktop. Once it is fully downloaded and extracted run Killbox, and in the box, enter the file below and mark the "Delete on Reboot" option, exit the program, and reboot your computer.

    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe

    Once you have completed that step, please scan again with HijackThis and post a new log.
  • edited November 2006
    OK, I deleted that file through Killbox. Here's my new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:10:30, on 27-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJt\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    It seems it came back somehow. Did you reboot the computer after running Killbox?
  • edited November 2006
    Yeah, I did that. I just tried it again 2 times but it keeps coming back for some reason.
  • edited November 2006
    We seem to have baffled the people here. But I have a solution. A reasonably quick and easy solution at that.
    If you're using Windows Live Messenger it has been corrupted. Below are the details of how to get rid of it.


    To perform a clean installation of Windows Live Messenger, follow these steps:
    1. Remove Windows Live Messenger from the computer.
    a. In the notification area, right-click the Messenger icon, and then click "Sign Out."
    b. Click "Start," click "Run," type "control appwiz.cpl", and then click "OK." If you are running Windows Vista, click "Start," type "control appwiz.cpl," and then press ENTER.
    c. In the list of currently installed programs, select "Windows Live Messenger," and then click "Remove."
    d. If you are prompted to confirm, click "Yes."

    2. Remove the temporary files and folders from the computer:
    - For Windows Vista
    a. Click "Start," type "cleanmgr," in the text box, and then press ENTER.
    b. In the Disk Cleanup options window, click "My Files only."

    c. On the "Disk Cleanup" tab, make sure that only the following options are selected:
    -- "Downloaded Program Files"
    -- "Temporary Internet Files"
    -- "Temporary files"
    -- "Hibernation File Cleaner"
    -- "Setup Log Files"
    -- "Recycle Bin"
    -- "Thumbnails"

    d. Confirm deletion of files, and then run the Disk Cleanup utility.

    - For Microsoft Windows XP, Windows 2000, Windows Millennium Edition, and Windows 98
    a. Click "Start," click "Run," type "cleanmgr," and then click "OK."
    b. If you are prompted, click "C:" in the "Select the drive you want to clean up" list, and then click "OK."

    NOTES:
    - If you partitioned the hard disk, the CleanMgr utility prompts you to select a drive.
    - The Disk Cleanup utility displays how much disk space can be freed.
    - This process can take several minutes.

    c. On the "Disk Cleanup" tab, make sure that only the following options are selected:
    -- "Downloaded Program Files"
    -- "Temporary Internet Files"
    -- "Temporary files"
    -- "Temporary Offline Files"
    -- "Offline Files"

    d. Click "OK" two times.

    3. Delete the Windows Live Messenger-associated registry keys.

    IMPORTANT: The following steps contain information about modifying the registry. Before you modify the registry, make sure to back it up, and make sure that you understand how to restore the registry if a problem occurs.

    WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    a. Click "Start," click "Run," type "cmd", and then click "OK." If you are using Windows Vista, click "Start," type "cmd," and then press ENTER. The Command Prompt window opens.
    b. At the command prompt, type the following commands (without quotation marks), and then press ENTER after each command:
    "REG DELETE HKCU\Software\Microsoft\MSNMessenger"
    "REG DELETE HKLM\Software\Microsoft\MSNMessenger"

    c. Type "exit," and then press ENTER.

    4. Restart the computer.

    5. Reinstall Windows Live Messenger:


    Hopefully this worked for you, it sure worked for me!
    Contact Windows Live Messenger Support if you have any problems.
  • SpywareShooter 127.0.0.1
    edited November 2006
    being me, please try the solution that lachie27 has suggested and report back with a HijackThis log to see if it worked.

    All other users: Please start your own threads on this issue!
  • edited November 2006
    OK. I followed the steps. This is my new HijackThis logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:01:32, on 29-11-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HJt\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Run Additional Tools:
    Your HijackThis log shows no more signs of executable malware. However, this does not mean that your system is completely clean. In order to make sure that all remaining pieces of this malware have been removed, it is recommended that you download and scan with Ewido Anti-Malware. Please do an Ewido scan and post the log here:

    Download Ewido

    [STEP 2] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
  • edited November 2006
    AVG Anti-Spyware - Scan Report

    + Created at: 22:27:26 29-11-2006

    + Scan result:



    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : No action taken.
    C:\Documents and Settings\tessa\winstall.exe -> Adware.PurityScan : No action taken.
    C:\HJt\HJT\backups\backup-20061127-190625-596.dll -> Adware.PurityScan : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc152.exe -> Adware.PurityScan : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc18.exe -> Adware.PurityScan : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc20.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP38\A0002086.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP38\A0002098.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP38\A0002129.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP40\A0002197.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP40\A0002224.dll -> Adware.PurityScan : No action taken.
    C:\Program Files\Common Files\{D41CDF88-01F2-1043-0726-01001011001f}\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc100\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc100\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc101\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc101\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc102\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc102\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc103\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc103\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc104\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc104\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc105\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc105\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc112\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc112\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc113\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc113\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc114\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc114\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc115\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc115\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc122\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc122\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc123\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc123\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc124\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc124\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc125\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc125\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc126\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc126\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc127\Update.exe -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc127\system.dll -> Adware.Softomate : No action taken.
    C:\RECYCLER\S-1-5-21-606747145-1060284298-842925246-1003\Dc128\Update.exe -> Adware.Softomate : No action taken.


    ::Report end
  • SpywareShooter 127.0.0.1
    edited November 2006
    Ewido found a lot of stuff, but none of it was removed. Please scan with Ewido again, and at the screen where it shows all of your infections, choose the "Delete" option next to "Set All Elements To:". Once you do that, reboot, scan with Ewido again, and post the new log.
  • edited November 2006
    Here are the results of Ewido. I ran it twice.

    AVG Anti-Spyware - Scan Report

    + Created at: 20:11:27 30-11-2006

    + Scan result:



    C:\System Volume Information\_restore{A5641221-9E7A-4DDE-892D-F9C16BD253DA}\RP41\A0002551.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Ignored.


    ::Report end
  • edited December 2006
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2911] "C:\Documents and Settings\End User\Local Settings\Temporary Internet Files\Content.IE5\9DY5JL5E\WinFixerScannerInstall[1].exe" -nag
    O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\End User\winstall.exe
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seek... 6aa2ada858e0d

    [STEP 2] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    C:\Documents and Settings\End User\winstall.exe
    C:\Documents and Settings\End User\Local Settings\Temporary Internet Files\Content.IE5\9DY5JL5E\WinFixerScannerInstall[1].exe

    [STEP 3] Remove Malicious Folders:
    Locate the following folders using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    c:\program files\zango\

    [STEP 4] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.

    I don't think this is meant for me but for another user, nsnsns, who has been posting in my topic as well.. why can't everyone make their own topic for their problem?
  • SpywareShooter 127.0.0.1
    edited December 2006
    Wow sorry about that, I didn't see that he took over your topic. I'm going to split the topics now.

    Can you do the same as I instructed you to do in the last post, for that last thing that Ewido is picking up?
  • edited December 2006
    That's ok. Thanks :)

    I did the scan again and deleted everything Ewido found.

    AVG Anti-Spyware - Scan Report

    + Created at: 17:10:17 2-12-2006

    + Scan result:



    Nothing found.



    ::Report end




    I also made a new HijackThis file:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:13:12, on 2-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJt\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zlatan.proboards48.com/index.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • SpywareShooter 127.0.0.1
    edited December 2006
    Your log is now clean!

    As precautionary measures for the future, please follow these steps to ensure that your computer stays clean and secure:
    1. Always have AntiVirus software running - Having an AntiVirus is very important and can protect you in the future from all kinds of viruses, spyware and other malicious software.

    2. Keep your AntiVirus program updated - Without having an updated AntiVirus program you will be susceptible to any form of new malware as it is released. If your AntiVirus software has the option of Automatic Updates you should enable it. If not, visit the producer's website at least once a week and download any updates for the product.

    3. Use a Firewall - Using a firewall is essential in the Internet today. Having one at default settings will block intruders from accessing your computer and can block new programs from installing without your consent.

    4. WindowsUpdate - Make sure that you keep your computer updated by visiting windowsupdate.com (http://www.windowsupdate.com) weekly, and downloading any critical updates. Many of these updates are against hackers and malware installations. Without all critical updates you will be susceptible to many of the spyware creators' tricks to get you to install their software. Download and install all critical updates and reboot your computer. Continue this until all critical updates have been installed.

    5. Anti-Spyware Software - Spybot - Search & Destroy and Ad-Aware SE

      Both of these programs are free and recommended by many anti-spyware professionals. You should download them from the links below, keep them updated, and scan weekly.

      Spybot - Search & Destroy
      Ad-Aware SE Personal Edition 1.06
      *Note: Please read my article here about false positives in Spybot - Search & Destroy.

    6. Secure Internet Explorer - Spyware Shooter is a free program which I developed for the cause of blocking malicious websites from installing spyware onto your computer. Please check for updates weekly and download any new releases to make sure that you are safe against newly-discovered websites.

      Spyware Shooter home page



    How to say "thanks":
    1. Donations are not accepted - At Short-Media we do not accept donations. If you have found this website helpful, you can contribute in the following ways.
    2. Stick Around - Without users like you, Short-Media would not be as successful as it is today. One way you can thank us is to stick around the forums. Even if you are not a computer professional you can learn by reading past topics in the forums, or if you do not feel comfortable helping, there are a few forums for non-computer-related topics.
    3. Refer Friends - If you know anyone who is having problems with their computers, or just needs a place to chill online, they would make a great addition to the Short-Media community.
    4. Fold! - Folding is a safe and easy way to help find a cure for fatal diseases such as Alzheimer's. You can learn more about folding at the topic "Everything About Folding@Home" (http://www.short-media.com/forum/showthread.php?t=3).
This discussion has been closed.