TheHun

Browser hijacked!

18 posts in this topic

My home page keeps getting redirected to a search page and no matter how many times I run Spybot S&D or Nortons 2004 it doesn't seem to fix the problem. Is there anything anyone could tell me that could fix my predicament? The following is the log file from Hijack this. I appreciate very much any and all help that could be extended.

 

Frustrated in Vancouver, Canada.

 

Logfile of HijackThis v1.97.7

Scan saved at 2:07:13 AM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\PMJ151LA.BIN

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\InkSaver\InkSaver.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\CyberPower\PowerPanel\PowPanel.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\PROGRA~1\NORTON~1\navw32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\attila\Desktop\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .com/q3atomic/: C:\Program Files\Internet Explorer\PLUGINS\npq3plug.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix: http://%6E%6B%76%64%2E%75%73/

O13 - WWW Prefix: http://%6E%6B%76%64%2E%75%73/

O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/

O13 - Mosaic Prefix: http://%6E%6B%76%64%2E%75%73/

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/18abd8674d1ecc475101/netzip/RdxIE.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.56.108.66/activex/AxisCamControl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7653.5308564815

O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C9FE2AB2-84D5-4B4A-92A4-94D6D4595DE9} (Check Class) - http://www.edgestream.com/demopage/plugins...ersionCheck.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/...uditControl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BFE24E3-F6C5-4444-B61E-E3C8118FDDAE}: NameServer = 24.69.255.195,24.69.255.212

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = creo.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com


You Have A Variant of the CoolWebSearch Trojan.

 

Please Download CWShredder from HERE and run the Program in safe mode. Press the "Fix Button". Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

 

Reboot to SAFE mode to run CWShredder

 

How to start computer in safe mode

 

Then

Ad-Aware

 

Download the latest version of Ad-Aware at ADAWARE

 

 

 

How to setup Ad-Aware and Spy-Bot S&D

http://www.zerosrealm.com/scanning.php

 

And after that, please do the following:

 

reboot computer and post a new log

Edited by billiebob


Important: Create a folder on the C: drive called C:\HJT.

You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.

Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Frustrated in Vancouver, Canada.

I am also frustrated, but on the East coast. NS :)

Edited by billiebob


Mr. billiebob!!!

 

Your suggestions seem to have fixed my problem! Whooo hoooo!! I am so happy this worked. Thank you very very much. Here is my most recent scan log. What do you make of it? And why may I ask were you frustrated?

 

Logfile of HijackThis v1.97.7

Scan saved at 12:58:43 PM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\PMJ151LA.BIN

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\devldr32.exe

C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\InkSaver\InkSaver.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\CyberPower\PowerPanel\PowPanel.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .com/q3atomic/: C:\Program Files\Internet Explorer\PLUGINS\npq3plug.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/18abd8674d1ecc475101/netzip/RdxIE.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.56.108.66/activex/AxisCamControl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7653.5308564815

O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C9FE2AB2-84D5-4B4A-92A4-94D6D4595DE9} (Check Class) - http://www.edgestream.com/demopage/plugins...ersionCheck.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/...uditControl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BFE24E3-F6C5-4444-B61E-E3C8118FDDAE}: NameServer = 24.69.255.195,24.69.255.212

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = creo.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com
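
An added example, not part of the original thread: a small Python script that parses HijackThis entries, decodes the percent-encoded O13 prefixes from the first log, and compares the log with the one posted after CWShredder to show which hosts were cleared. The sample lines are excerpted from the two logs above; the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Lines excerpted from the first (2:07 AM) and second (12:58 PM) logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O13 - DefaultPrefix: http://%6E%6B%76%64%2E%75%73/
O13 - WWW Prefix: http://%6E%6B%76%64%2E%75%73/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com
"""

# A HijackThis entry is "<section code> - <body>", e.g. "R0 - ..." or "O13 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL = re.compile(r"https?://\S+", re.I)


def parse_log(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def url_hosts(body):
    """Hostnames of the URLs in one entry, after undoing %XX encoding."""
    hosts = []
    for raw in URL.findall(body):
        host = urlsplit(unquote(raw)).hostname
        if host:
            hosts.append(host)
    return hosts


def encoded_urls(text):
    """Entries whose URL is hidden behind %XX escapes, as (code, raw, decoded)."""
    hits = []
    for code, body in parse_log(text):
        for raw in URL.findall(body):
            decoded = unquote(raw)
            if decoded != raw:
                hits.append((code, raw, decoded))
    return hits


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse_log(before), parse_log(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def cleared_hosts(before, after):
    """Hosts referenced by removed entries that no longer appear anywhere in the new log."""
    removed, _ = diff_logs(before, after)
    still = {h for _, body in parse_log(after) for h in url_hosts(body)}
    counts = Counter(h for _, body in removed for h in url_hosts(body))
    return {h: n for h, n in counts.items() if h not in still}


if __name__ == "__main__":
    for code, raw, decoded in encoded_urls(BEFORE):
        print(f"{code}: {raw} -> {decoded}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", len(removed), "added:", len(added))
    print("cleared hosts:", cleared_hosts(BEFORE, AFTER))
```

Decoding shows that the O13 prefixes point at the same host as the R0/R1 entries HijackThis marked "(obfuscated)", so one host accounts for every hijacked setting in the excerpt.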

billiebob! Thank you so much for replying! A fellow Canadian to boot!! :D

 

I am in the process of trying your suggestions but your link: http://www.zerosrealm.com/scanning.php does not work. Can you tell me what the correct link would be for the info on how to setup HJT. Thanks.

My frustration!! Things are always changing. I just get used to something, and bang, it's gone or something new replaces it! :)

Here are the instructions to set up Ad-Aware.

 

In settings under 'scanning,' have it set to

'scan within archives,'

'scan active processes,'

'scan registry,'

'deepscan registry'

'scan my IE Favourites for banned URL's,'

'scan my host's file.'

In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'

Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'

Select 'activate in-depth scan' before starting scan.

When the scan is finished select 'next.'

Remove what it finds by placing a check in the box to the left of the object. Reboot.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

O4 - Startup: PowerReg Scheduler V3.exe

 

This one is a resource hog, and suggested fix, not needed in startup.

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

Unless you set these with Spy-Bot, fix them:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/18abd8674d1ecc475101/netzip/RdxIE.cab

 

If this is your IP address and you know this creo.com, leave; otherwise fix them.

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BFE24E3-F6C5-4444-B61E-E3C8118FDDAE}: NameServer = 24.69.255.195,24.69.255.212

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = creo.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com

 

 

reboot computer and post a new log

Edited by billiebob

Also check in my signature, How I got infected in the first place.

+++Thanks for the suggestions! See below for my comments.

 

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

O4 - Startup: PowerReg Scheduler V3.exe

+++What do you think this is exactly? I'm worried about removing it if it might be used by the system....

 

This one is a resource hog, and suggested fix, not needed in startup.

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

+++I removed this one.

 

Unless you set these with Spy-Bot, fix them:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

+++I set these options with spybot so I guess I shouldn't remove them.

 

 

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/18abd8674d1ecc475101/netzip/RdxIE.cab

+++Removed

 

If this is your IP address and you know this creo.com, leave; otherwise fix them.

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BFE24E3-F6C5-4444-B61E-E3C8118FDDAE}: NameServer = 24.69.255.195,24.69.255.212

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = creo.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com

+++This is probably for my remote access to my work email. I work at a company called Creo. I have it set up on my computer.

 

 

reboot computer and post a new log

 

 

Here is the new log:

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 7:50:51 PM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\PMJ151LA.BIN

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\InkSaver\InkSaver.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .com/q3atomic/: C:\Program Files\Internet Explorer\PLUGINS\npq3plug.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.56.108.66/activex/AxisCamControl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7653.5308564815

O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C9FE2AB2-84D5-4B4A-92A4-94D6D4595DE9} (Check Class) - http://www.edgestream.com/demopage/plugins...ersionCheck.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/...uditControl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.bulletinboards.com/CFIDE/classes/CFJava.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.microsoft.com/typography/clearadj.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BFE24E3-F6C5-4444-B61E-E3C8118FDDAE}: NameServer = 24.69.255.195,24.69.255.212

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = creo.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = creo.com

 

Let me know what you think.

billiebob!  Thank you so much for replying!  A fellow Canadian to boot!! :D

 

I am in the process of trying your suggestions but your link: http://www.zerosrealm.com/scanning.php does not work. Can you tell me what the correct link would be for the info on how to set up HJT? Thanks.

My frustration!! Things are always changing. I just get used to something, and bang, it's gone or something new replaces it! :)

Here are the instructions to set up Ad-Aware.

 

In settings under 'scanning,' have it set to

'scan within archives,'

'scan active processes,'

'scan registry,'

'deepscan registry'

'scan my IE Favourites for banned URLs,'

'scan my Hosts file.'

In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'

Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'

Select 'activate in-depth scan' before starting scan.

When the scan is finished select 'next.'

Remove what it finds by placing a check in the box to the left of the object. Reboot.

I don't use ad-aware. I used Spybot S&D.

 

Also I wanted to let you know I checked out the link in your signature about "how you got infected" and found it very useful. I downloaded some of the recommended tools.


Ad-aware and Spybot are best used in tandem, as one finds stuff the other doesn't.

Ad-aware and Spybot are best used in tandem, as one finds stuff the other doesn't.

But the Spybot S&D website said that Ad-aware can conflict with it...

 

That's basically why I didn't install both.


Yeah, I think what they are referring to is that if you run Ad-aware to fix, and then run Spybot to fix, Spybot will find what Ad-aware has in quarantine.

I use both all the time on my system. No problems.

Edited by billiebob


Hi, actually this one I missed needs fixing.

 

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

Reboot and delete realtime.exe.
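For readers following the last post, the O4 line it names can be mapped back to the exact autorun location it describes. The sketch below is an added example, not part of the thread and not HijackThis's own code; the expansion of `..` to `Software\Microsoft\Windows\CurrentVersion` is known HijackThis behaviour rather than something stated on this page, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional
# In O4 lines HijackThis shortens the key path to "..", which stands for
# Software\Microsoft\Windows\CurrentVersion (assumption: not stated in the thread).
RUN_PREFIX = r"Software\Microsoft\Windows\CurrentVersion"
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
DIR_RE = re.compile(r"^O4 - (Startup|Global Startup): (.*?)(?: = (.*))?$")
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

class Autorun(NamedTuple):
    source: str   # expanded registry key, or "Startup" / "Global Startup"
    name: str     # registry value name, or file name in the startup folder
    command: str  # command line as logged ("" when the log shows none)

def parse_o4(line: str) -> Optional[Autorun]:
    """Turn one O4 log line into a record; return None for any other line."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        return Autorun("\\".join((hive, RUN_PREFIX, key)), name, command)
    m = DIR_RE.match(line)
    if m:
        return Autorun(m.group(1), m.group(2), m.group(3) or "")
    return None

def image_path(command: str) -> str:
    """Program part of a command line; unquoted paths may contain spaces."""
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def autoruns(log: str) -> List[Autorun]:
    return [e for e in map(parse_o4, log.splitlines()) if e]

def locate(log: str, value_name: str) -> List[Autorun]:
    """Entries whose name matches, case-insensitively, as registry names do."""
    return [e for e in autoruns(log) if e.name.lower() == value_name.lower()]

# Lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

if __name__ == "__main__":
    print(locate(SAMPLE, "PCDRealtime"))
```

The record for `PCDRealtime` shows both the registry value that launches the program and the file it points to, which are two separate things to check after a cleanup.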
