
Onlinesecurityworld.com Virus/Hijack


  • This topic is locked
9 replies to this topic

#1 maceo1

maceo1

    Member

  • Full Member
  • 5 posts

Posted 30 June 2007 - 03:24 AM

Seems as though I have a self replicating hijacker virus on my system. After running Spysweeper and no adware, it is still there. It has placed three programs on my computer:

1.) Spyware & malware Protection

2.) Error Cleaner

3.) Privacy Protecter

In addition it has taken over my computer wallpaper. I have a huge red clickable icon as my wallpaper that I can close, but then it just pops back up again after 30 seconds or so.

It runs some sort of a script that continuously tries to take my browser to onlinesecurityworld.com as well as onlinestability.com

...here's a cut and paste of the exact redirect "hxxttp://www.onlinestability.com/index.php?sid=0&aid=0&said=0&pid=1"

It makes pop ups come up all over the place like every 30 seconds saying that malicious spyware has been found on my computer. I have a flashing red triangle in my system tray with a little white exclamation point in it. When I click on it nothing happens.

Here is my system log when I ran Hijack This: (I hope this is the log file u need.)


Logfile of HijackThis v1.99.1
Scan saved at 1:11:51 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\xar6000v7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\WINDOWS\xar6000v7.exe
C:\Documents and Settings\Maceo\Desktop\Adware Hijacker & Registry Cleaner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {D37E0332-5B57-4B24-99FF-98E55649A52C} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {F5929033-A3E0-4978-88FF-CCAEDD3502A8} - C:\WINDOWS\msdde.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Current Malware and Virus Software I am using:

1) Spysweeper w/ Antivirus

2.) Windows Defender

3.) No Adware

4.) Smitfraudfix

5.) Hijack This

I have read the Posting guidelines and I hope I didn't jump the gun by posting my Hijack This log file. If so, I do apologize.

Any advice or help to remove this would be appreciated and thanks so much.

Maceo

PS: **UPDATE**

Seems now I am getting pop ups from several sites... Here are a few other URLs...

http://winantispywar...n...amp;p=&ax=1

http://amaena.com/se...p...amp;h=0&j=1

http://privacyprotec..._mtrt_us_en_ed1

These URLs seem malicious and continuously create annoying pop ups all the time. The three software icons are still on my desktop and whenever I delete them, they simply re-appear once the computer boots up again.

Here are the software programs that were installed on my computer again:

1.) Spyware & malware Protection

2.) Error Cleaner

3.) Privacy Protecter


It seems that the annoying wallpaper has gone away though after running a few more virus scans.

After running some more scans since my last HIJACK THIS LOG, I thought I would post my latest HIJACK THIS Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:00:05 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\-=CASH=- SOF Minimizer\SOF2 Minimizer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maceo\Desktop\Adware Hijacker & Registry Cleaner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {D37E0332-5B57-4B24-99FF-98E55649A52C} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {F5929033-A3E0-4978-88FF-CCAEDD3502A8} - C:\WINDOWS\msdde.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Any help would be appreciated as I am still getting annoying pop ups even when the browser is closed. It opens my browser and tries to connect to all these sites.

Thanks again

Maceo

Edited by nasdaq, 05 July 2007 - 10:37 AM.


#2 maceo1


Posted 04 July 2007 - 01:52 PM

It's been 4 days and I haven't heard from anyone yet. Anyone there?

Maceo

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 05 July 2007 - 10:47 AM

Hi,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Wait for further Instructions.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
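
As an added illustration (not part of nasdaq's instructions, and not code from SDFix or HijackThis), this Python script cross-checks the two things the last step asks for: it lists HijackThis entries that still point at files the SDFix report marks as Deleted. The function names are hypothetical, the sample data is excerpted from the logs posted in this thread, and the `- Deleted` and `O<n> -` line formats are assumed from those logs.

```python
import re

# Excerpt of the SDFix Report.txt posted in this thread.
SDFIX_REPORT = r"""
Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Maceo\Desktop\Error Cleaner.url - Deleted
C:\WINDOWS\ddesupport.dll - Deleted
C:\WINDOWS\msdde.dll - Deleted
C:\WINDOWS\msole.dll - Deleted
C:\WINDOWS\xar6000v7.exe - Deleted

Folder C:\WINDOWS\privacy_danger - Removed
"""

# Excerpt of the HijackThis log posted in this thread before the cleanup.
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mgrs.exe
C:\WINDOWS\xar6000v7.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {D37E0332-5B57-4B24-99FF-98E55649A52C} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {F5929033-A3E0-4978-88FF-CCAEDD3502A8} - C:\WINDOWS\msdde.dll
"""

# "<drive>:\path - Deleted" lines in the SDFix report (format assumed from the thread).
DELETED_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+-\s+Deleted\s*$")
# HijackThis section prefix such as "O2 - ", "O21 - ", "R1 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def deleted_files(report):
    """Return the file paths SDFix reported as deleted, in report order."""
    paths = []
    for raw in report.splitlines():
        m = DELETED_RE.match(raw.strip())
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths


def references(line, path):
    """True if `line` names `path` as a whole path (case-insensitive).

    The character after the match must end the path, so that
    C:\\WINDOWS\\dat.txt does not match C:\\WINDOWS\\dat.txt.bak.
    """
    hay, needle = line.lower(), path.lower()
    start = hay.find(needle)
    while start != -1:
        end = start + len(needle)
        if end == len(hay) or hay[end] in " \"',":
            return True
        start = hay.find(needle, start + 1)
    return False


def orphaned_entries(report, log):
    """List (section, deleted_path, log_line) for log lines naming a deleted file.

    `section` is the HijackThis code (O2, O4, O21, ...), "process" for a bare
    path from the running-process list, or "other" for anything else.
    """
    removed = deleted_files(report)
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = m.group(1)
        elif DRIVE_RE.match(line):
            section = "process"
        else:
            section = "other"
        for path in removed:
            if references(line, path):
                hits.append((section, path, line))
    return hits


if __name__ == "__main__":
    for section, path, line in orphaned_entries(SDFIX_REPORT, HIJACKTHIS_LOG):
        print(f"[{section}] still references {path}\n    {line}")
```

Run it against the new HijackThis log rather than the old one to see which entries still reference removed files; each hit is a leftover to raise with the helper before fixing anything.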

#4 maceo1


Posted 06 July 2007 - 06:54 PM


Okay:

Here is the SD File Log:

SDFix: Version 1.90

Run by Maceo on Fri 07/06/2007 at 04:42 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Maceo\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Maceo\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Maceo\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Maceo\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Maceo\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Maceo\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ddesupport.dll - Deleted
C:\WINDOWS\install245.exe - Deleted
C:\WINDOWS\msdde.dll - Deleted
C:\WINDOWS\msole.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\xar6000v7.exe - Deleted


Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Disabled:SoF2MP"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Liquid.6\\Program\\RM.exe"="C:\\Program Files\\Liquid.6\\Program\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Liquid.6\\Program\\Studiou.mod"="C:\\Program Files\\Liquid.6\\Program\\Studiou.mod:*:Enabled:Liquid"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Disabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC2AC1B9-B215-458D-AA46-8890B5AA3FAD.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC6F49DE-9EA5-425D-8A5A-985E74E6A02D.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC9D226A-7A97-47F7-84E7-85958062617C.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE7EA2B1-50E6-460D-BFDD-9AF28F7F37B6.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDEB6CB8E-64F1-40D8-B4BD-DBD2425759B8.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE07033F6-2F01-4DBE-969E-93470CCF247C.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1F886F6-C78B-4BED-9138-E68F917A4968.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE508085B-D678-47F2-AF6D-8DC9086C7FD8.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE605A6E9-D2DD-47E6-9A72-4D9E9C55488E.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE71F56CE-9711-4B9F-8CAC-A217F643BC97.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBA441E8-FB5E-4626-A437-A97FBE08C66A.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEDBED76A-F5F4-4D38-82E9-6BDF7524DA06.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEE1EF1C2-DDEA-43BE-A762-68FF5D8CC579.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEE638139-6C09-474D-B410-8EC7A28A12BD.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF034DECA-6FAA-4D5D-8464-FBFB175537EE.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF187A565-D9CB-4E71-B34B-7BC8E84FC305.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF36CFC97-110D-4F3E-A609-4B8AB2CB114A.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFA061DC0-75DD-4D75-93C4-4401BD638884.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFCB6E408-5739-496C-A337-9D51A07DE4C6.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE832F0F-DE56-4EE2-BD84-84966225BD0D.tmp
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF63167F-9FD0-4408-AEF3-ADD84A8BCBD6.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS015E6E95-E5CF-49C4-83D4-FE217FF9E824.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS03A48337-126A-461D-943A-152EF46E5659.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS073D54FD-4362-4B1A-940F-E8F9A1B86E0C.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS078369A9-86C9-4E31-AF8C-33971999D60A.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0871EDF6-E929-49C9-AB7F-19EAD0878A7A.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D2D0DD5-4CD2-42F2-82C9-1CF481EAA66D.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E16D580-1E30-4D68-AD9D-DD1393460503.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS10663020-23C2-4CA0-BD87-E4C357DD26F5.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS139C0782-4DA4-43D3-B237-70936D9F1B10.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS162B63BA-B722-476C-B404-7ED8E33D90C2.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1AA594CA-641A-4565-9293-98DF1316724E.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D7B37A5-2E59-4B19-96AB-B524AB0543FB.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS23E09D1D-6867-4835-B63C-CEED1E3020A0.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26350776-A5FD-40BB-89C5-B49C60DA6809.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS28BC072B-6909-452E-817D-6E99076AB5FD.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D88E036-96DE-4C68-B129-3FBB871E10FD.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2FF04377-65BB-48F2-8AB0-98C7F17A6C84.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS390950A6-E3F7-4DC6-9E2C-FD3C2F61B55E.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS399CBC2E-9D3D-4241-A626-339508D3EDAF.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A50AAF1-BF3E-403F-BE9B-6B6D19EB7CDE.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3B0B1590-B327-4BE9-8C75-7A11B7385973.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3E4E6200-5E1E-4C00-84C1-1AD7483ADBE9.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3EBC0634-A741-4CE7-9FF4-CC51F4DD16D6.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3F5CBE75-38EA-4EF5-81E3-A8A1F11904BC.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS45241C89-5D8A-4527-A2EF-1016DDFA27E1.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS45478D0A-428E-4E22-8FEE-295153DA60CB.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS46AC3794-D8A0-46C7-8791-6E84BBEC56B4.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS474ED38F-3A75-44E5-8E90-966E26C9CA5E.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4A056E65-242E-47FF-B5C7-DD5431F50BE3.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4AE77B0B-D8E9-4690-922B-536C3ED99D60.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B9BCE8C-A9B1-4B31-BDCF-A46143DDA372.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4E62651F-B012-4E5C-8DF6-6A776A5E19FF.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5249814F-CD24-4285-899A-7CEB175D51C6.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5930FF42-04EC-458A-917B-D7AF7FCD266F.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS59527494-3B6B-45E2-AEFF-59D58F530452.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS609A21EA-D745-44CC-87DF-7EA8E7711E38.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS66A7CECD-3871-4598-8E5A-5435F665B024.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS69A1451A-4BE9-4988-8C09-50D74DB030F5.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS69B732EA-476C-47CB-8293-509BA38EF326.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6CC75596-39C6-4EDA-B44D-DF57DF9DB2F3.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6F658D1F-FB61-475F-B800-852D6E7C34EF.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS70C183AB-F5BA-4387-AEC8-59581035026D.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS734504DE-B189-4ED6-93B1-4A53782A188B.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7706CBFF-7D96-4BF7-8A15-B05F8168249C.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7E2F8901-9B58-4904-A2B4-77F0F8005A67.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS80B0DF7F-1544-4E37-9C71-395496EE8F14.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87A7A757-5143-4369-9348-3EE73AF2F57D.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87BADEF1-93E3-4017-A11F-89EEAFFF965E.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS885565BB-51B5-4135-8F1D-5FDC5CBC6EB6.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93F96E13-651A-49C9-A9AA-45A4F84340F2.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9527A5C5-62AE-4EE6-939E-ECD045C05D69.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA15A5631-51BA-4C97-8E73-EB617FFB6FFD.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA83DE1C6-7ABC-4394-9F21-2378561FD165.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF13418C-69B5-4ACF-A86E-F972CBFE7970.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB3651BC4-16FA-4949-BD8A-9650ED2A06C9.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB5B8D7E8-4F66-42E9-937C-057535C15A86.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB6905BE7-D21F-45C7-96EF-8D6AAFEDCB6D.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCB8B1D66-FA9E-4728-BF42-CB9E2ED05339.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCBE08AC1-6BD9-4D6C-A332-D93D562D3B34.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCBE67A40-D7BB-41CA-8EFF-39F7BEC756DF.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD59E1B31-23FB-49CA-B527-9A956C5D79A0.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE1F8B0FB-BA50-4B21-8D63-FEBDE7CF16D2.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE3404A65-B3B3-46EA-A08C-9CB84E2F3456.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE34CF5A8-A85E-44EC-820B-98EC880EA31F.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF33E4060-AFB7-4D8C-ACC6-26E3810CE52F.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF587A10B-2103-429F-A51A-B437D600032C.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA559928-4924-486B-82A6-CAF10F161F3F.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA85CE44-7C03-448F-BA17-99EFF9503472.tmp
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB46E6BA-BC5C-44E2-9DF3-38DB5FE25787.tmp

Finished



And here is my new HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:51:57 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Maceo\Desktop\Adware Hijacker & Registry Cleaner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Awaiting further instruction...

Thanks

Maceo
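The before/after comparison a helper does by eye on two HijackThis logs can be scripted. This is an added example, not part of the original posts: the `AFTER` sample reuses a few lines from the log above, and the two extra entries in `BEFORE` (`ExampleEntry`, `placeholder.invalid`) are constructed placeholders, not entries from this thread.

```python
import re
from collections import defaultdict

# HijackThis entries start with a section code: "R0 - ...", "O4 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
O4_RUN_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return {section code: [entry body, ...]}; header and process list are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)


def autoruns(sections):
    """Split O4 registry Run entries into (key, value name, command) tuples."""
    out = []
    for body in sections.get("O4", []):
        m = O4_RUN_RE.match(body)
        if m:  # startup-folder shortcuts ("Startup: x.lnk = ...") do not match
            out.append((m.group("key"), m.group("name"), m.group("cmd")))
    return out


def diff_logs(before, after):
    """Entries present in only one of the two scans, as sets of (code, body)."""
    b = {(c, e) for c, es in parse_log(before).items() for e in es}
    a = {(c, e) for c, es in parse_log(after).items() for e in es}
    return {"removed": b - a, "added": a - b}


def missing_files(sections):
    """Entries HijackThis marked '(file missing)': listed for review, not a verdict."""
    return [(c, e) for c, es in sections.items() for e in es
            if e.endswith("(file missing)")]


# Excerpt of the second log in this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:51:57 PM, on 7/6/2007

Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Constructed "before" scan: the same entries plus two placeholder lines.
BEFORE = AFTER + r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://placeholder.invalid/
O4 - HKLM\..\Run: [ExampleEntry] C:\EXAMPLE\placeholder.exe
"""

if __name__ == "__main__":
    for code, body in sorted(diff_logs(BEFORE, AFTER)["removed"]):
        print("removed since first scan:", code, "-", body)
    for key, name, cmd in autoruns(parse_log(AFTER)):
        print("autorun:", key, name, "->", cmd)
```

An empty `added` set and a `removed` set containing only the entries that were deliberately fixed is what a clean follow-up scan should look like.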

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 07 July 2007 - 07:16 AM

Nice work, your log is clean.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
http://users.telenet...prevention.html

I suggest that you update your Java.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 maceo1

Posted 07 July 2007 - 12:53 PM

It has been a whole day now and no pop ups. System seems to run a lot smoother as well. Some websites I visit such as CNN.COM require ActiveX controls to run properly. It seems that mine are disabled.

I will follow your instruction for the Active X updates.

Thank You sooo much for ridding me of this problem.

Maceo

#7 nasdaq

Posted 08 July 2007 - 06:23 AM

maceo1 wrote: "I will follow your instruction for the Active X updates."


ActiveX and Java are two different things.

Check your ActiveX settings under the I. E. Menu.

Tools > Internet Options > Security > Custom Level.

Under "ActiveX controls and Plug-ins":

Set the following as suggested.

Download signed ActiveX controls
- Prompt

Download UNsigned ActiveX controls
- Disable

Initialize and script ActiveX controls not marked as safe
- Disable

Run ActiveX controls and Plug-ins
- Enable

Script ActiveX controls marked as safe
- Enable

nasdaq

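The five settings listed in the reply above are stored per zone in the registry, so they can be checked against an exported `.reg` file instead of by clicking through the dialog. This is an added example, not part of the original posts; it assumes the per-user Internet zone (`Zones\3` under HKEY_CURRENT_USER), the standard URL action IDs (1001, 1004, 1200, 1201, 1405) and policy values (0 = Enable, 1 = Prompt, 3 = Disable), none of which appear in the thread, and the sample export is constructed.

```python
import re

ZONES_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

# URL action ID -> (dialog label, setting suggested in the reply above).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", "Disable"),
    "1200": ("Run ActiveX controls and plug-ins", "Enable"),
    "1405": ("Script ActiveX controls marked as safe", "Enable"),
}
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg(text):
    """Parse the DWORD values of a .reg export into {key path: {value name: int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = int(m.group("hex"), 16)
    return keys


def audit_zone(reg_text, zone="3", hive="HKEY_CURRENT_USER"):
    """Return (label, suggested, actual) for each setting that differs from the list."""
    values = parse_reg(reg_text).get(hive + "\\" + ZONES_KEY + "\\" + zone, {})
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        raw = values.get(action)
        if raw is None:
            actual = "not set"
        else:
            actual = POLICY_NAMES.get(raw, "unknown (%d)" % raw)
        if actual != wanted:
            findings.append((label, wanted, actual))
    return findings


# Constructed sample export (text already decoded; real exports are usually UTF-16).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1200"=dword:00000003
"1201"=dword:00000003
"1405"=dword:00000000
"""

if __name__ == "__main__":
    for label, wanted, actual in audit_zone(SAMPLE_REG):
        print("%s: suggested %s, found %s" % (label, wanted, actual))
```

In the constructed sample, "Run ActiveX controls and plug-ins" is set to Disable, which is the kind of state that makes ActiveX-dependent sites stop working.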

#8 maceo1

Posted 11 July 2007 - 09:34 PM

done.

Thanks
:D

#9 nasdaq

Posted 12 July 2007 - 06:38 AM

Glad we could help.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
http://users.telenet...prevention.html

:wave:
nasdaq


#10 nasdaq

Posted 24 July 2007 - 08:44 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




