Author Topic: help with adware.stoppopupadsnow  (Read 524 times)

Offline geb

help with adware.stoppopupadsnow
« on: May 21, 2006, 07:50:11 AM »
My computer has been infected with adware.stoppopupadsnow.  Norton directed me to remove 3 entries in the registry to remove this problem but I am unable to find the entries despite doing a search for them and manually searching for them.  Can anyone help with this?

Many thanks

Offline guestolo

help with adware.stoppopupadsnow
« Reply #1 on: May 21, 2006, 12:11:18 PM »
From my signature below, download and save to a permanent folder of its own on your hard drive:
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try to fix anything yet; it is all important.

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline geb

help with adware.stoppopupadsnow
« Reply #2 on: May 21, 2006, 11:23:08 PM »
Logfile of HijackThis v1.99.1
Scan saved at 10:16:20 PM, on 5/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Outlook Express\msimn.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\B Gollub\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - F:\WINDOWS\System32\hp2DA3.tmp
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - F:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

Offline guestolo

help with adware.stoppopupadsnow
« Reply #3 on: May 21, 2006, 11:31:35 PM »
Please download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Offline geb

help with adware.stoppopupadsnow
« Reply #4 on: May 22, 2006, 10:50:14 PM »
SmitFraudFix v2.45

Scan done at 21:47:59.99, Mon 05/22/2006
Run from F:\Documents and Settings\B Gollub\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» F:\


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32

F:\WINDOWS\system32\appmagr.dll FOUND !
F:\WINDOWS\system32\dcomcfg.exe FOUND !
F:\WINDOWS\system32\hp????.tmp FOUND !
F:\WINDOWS\system32\ot.ico FOUND !
F:\WINDOWS\system32\regperf.exe FOUND !
F:\WINDOWS\system32\simpole.tlb FOUND !
F:\WINDOWS\system32\stdole3.tlb FOUND !
F:\WINDOWS\system32\ts.ico FOUND !
F:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» F:\Documents and Settings\B Gollub\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\BGOLLU~1\FAVORI~1

F:\DOCUME~1\BGOLLU~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» F:\Program Files

F:\Program Files\Security Toolbar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"

[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="F:\WINDOWS\System32\appmagr.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="F:\WINDOWS\System32\appmagr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

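The SmitfraudFix report above pairs a list of files marked "FOUND !" with a dump of the SharedTaskScheduler key, and the two are connected: the "AppManager" CLSID registered under SharedTaskScheduler resolves, through its InProcServer32 default value, to appmagr.dll, one of the flagged files. That is how the adware gets loaded into Explorer at every logon. The script below is an added example, not part of the thread and not a SmitfraudFix component: it parses the report's .reg-style dump, resolves each SharedTaskScheduler CLSID to its DLL, and reports which of those DLLs SmitfraudFix flagged. The sample report is a constructed excerpt of the one posted in Reply #4, with one benign SharedTaskScheduler entry (the standard Windows XP "Browseui preloader" pointing at browseui.dll) added for contrast; it is assumed to be clean here, not taken from the page.

```python
"""Cross-reference a SmitfraudFix 'Search' report: which flagged files are wired
into Explorer via SharedTaskScheduler persistence?  Added example, not a
SmitfraudFix component."""
import fnmatch
import re
from typing import Optional

# Constructed excerpt of the SmitfraudFix v2.45 report posted in Reply #4.
# The "Browseui preloader" entry is a benign XP default added for contrast.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32

F:\WINDOWS\system32\appmagr.dll FOUND !
F:\WINDOWS\system32\hp????.tmp FOUND !
F:\WINDOWS\system32\regperf.exe FOUND !
F:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="F:\WINDOWS\System32\appmagr.dll"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="F:\WINDOWS\System32\browseui.dll"
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))="(.*)"$')   # "name"="value" or @="value"
FOUND_RE = re.compile(r"^(.+?) FOUND !$")


def found_files(report: str) -> list:
    """Paths SmitfraudFix marked 'FOUND !' (they may carry ? wildcards, e.g. hp????.tmp)."""
    out = []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            out.append(m.group(1))
    return out


def registry_values(report: str) -> dict:
    """Parse the .reg-style [key] / "name"="value" dump into {key: {name: value}}.
    '@' is the key's default value, as in .reg files."""
    keys = {}
    current = None
    for line in report.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = keys.setdefault(km.group(1), {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = vm.group(1) if vm.group(1) is not None else "@"
            current[name] = vm.group(3)
    return keys


def shared_task_scheduler(report: str) -> list:
    """(clsid, label, inproc_dll) for every SharedTaskScheduler entry, resolving the
    CLSID through any hive's CLSID\\{guid}\\InProcServer32 default value."""
    keys = registry_values(report)
    inproc = {}
    for key, values in keys.items():
        m = re.search(r"\\clsid\\(\{[0-9a-f-]+\})\\inprocserver32$", key.lower())
        if m and "@" in values:
            inproc.setdefault(m.group(1), values["@"])
    entries = []
    for key, values in keys.items():
        if key.lower().endswith("\\explorer\\sharedtaskscheduler"):
            for clsid, label in values.items():
                dll: Optional[str] = inproc.get(clsid.lower())
                entries.append((clsid, label, dll))
    return entries


def persistence_hits(report: str) -> list:
    """SharedTaskScheduler entries whose DLL is one of the files SmitfraudFix flagged."""
    flagged = [p.lower() for p in found_files(report)]
    hits = []
    for clsid, label, dll in shared_task_scheduler(report):
        if dll and any(fnmatch.fnmatchcase(dll.lower(), pat) for pat in flagged):
            hits.append((clsid, label, dll))
    return hits


if __name__ == "__main__":
    for clsid, label, dll in shared_task_scheduler(SAMPLE_REPORT):
        print(f"{label:20} {clsid} -> {dll}")
    print("flagged persistence:", persistence_hits(SAMPLE_REPORT))
```

Run it against a saved report instead of the sample by reading the file and passing its text to persistence_hits(); an entry that resolves to no InProcServer32 at all (dll is None) is worth a look too, since it means the CLSID is registered for loading but the dump did not capture where from.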
Offline guestolo

help with adware.stoppopupadsnow
« Reply #5 on: May 22, 2006, 11:55:51 PM »
Can you do the following please

==Download and install Windows CleanUp! 4.5.1
Don't run this yet
NOTE: If you have an older version of Windows CleanUp!, Please uninstall it and use this newer version

Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode


==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - F:\WINDOWS\System32\hp2DA3.tmp


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
I need to see a few logs please, even if it takes a couple responses

1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the contents of the log from Smitfraudfix>>Located here F:\rapport.txt
« Last Edit: May 22, 2006, 11:56:15 PM by guestolo »


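The two HijackThis entries guestolo singles out in Reply #5 (the R0 start page with an empty host and the O2 BHO loading hp2DA3.tmp out of System32) can be picked out mechanically. The script below is an added example, not part of the thread and not HijackThis or SmitfraudFix code: it parses HijackThis 1.99.1 log lines and flags an entry when its start page resolves to no real host, when a browser extension (O2/O3) is loaded from a .tmp file, or when its module sits in one of the files or folders the SmitfraudFix report in Reply #4 listed as FOUND. The file and folder names are copied from that report; the heuristics are assumptions of this example. The sample log is a constructed excerpt of the Reply #2 log with benign lines kept in for contrast.

```python
"""Triage a HijackThis 1.99.1 log for the Smitfraud-style entries seen in this
thread.  Added example; the heuristics are this script's own, not HijackThis's."""
import fnmatch
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt of the log posted in Reply #2 (benign lines kept for contrast).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - F:\WINDOWS\System32\hp2DA3.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - F:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
"""

# Basenames and folders marked "FOUND !" by SmitfraudFix in Reply #4 (? is a wildcard).
SMITFRAUD_FILES = ("appmagr.dll", "dcomcfg.exe", "hp????.tmp", "ot.ico",
                   "regperf.exe", "simpole.tlb", "stdole3.tlb", "ts.ico")
SMITFRAUD_DIRS = ("Security Toolbar", "1024")

ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# First drive-letter path in the entry, up to a module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|tmp|ocx|tlb)", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    raw: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return the log entries that trip at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue                      # header / process list / blank line
        sec, body = m.group("sec"), m.group("body")
        reasons = []

        # R0/R1: IE start or search page whose URL has no usable host.
        if sec in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()
            host = urlsplit(url).hostname or ""
            if host.strip(".") in ("", "www"):
                reasons.append("IE start/search page points at an empty host")

        pm = PATH_RE.search(body)
        if pm:
            parts = pm.group(0).split("\\")
            base, dirs = parts[-1].lower(), [p.lower() for p in parts[:-1]]
            if any(fnmatch.fnmatchcase(base, pat) for pat in SMITFRAUD_FILES):
                reasons.append(f"module {parts[-1]} is a file SmitfraudFix flagged")
            if any(d.lower() in dirs for d in SMITFRAUD_DIRS):
                reasons.append("module lives in a folder SmitfraudFix flagged")
            if sec in ("O2", "O3") and base.endswith(".tmp"):
                reasons.append("browser extension loaded from a .tmp file")

        if reasons:
            findings.append(Finding(sec, raw, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.raw)
        for r in f.reasons:
            print("    -", r)
```

The raw lines it prints are exactly the form you tick in HijackThis's "System scan only" view. The .tmp and empty-host checks stand on their own; the SmitfraudFix name lists only catch this particular family, so refresh them from whatever report you are working from.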

Offline geb

help with adware.stoppopupadsnow
« Reply #6 on: May 24, 2006, 09:49:56 PM »
I encountered two problems:

Ewido found a file, C:\windows\temp\host.cab/host.dll, that was embedded in c:\windows\temp\host.cab and couldn't be eliminated unless I eliminated the whole file (the latter), which I elected to do.

When I ran HijackThis in safe mode I didn't see the entries that you asked me to check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www./
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - F:\WINDOWS\System32\hp2DA3.tmp



This has been really helpful so far. Other files to follow.  When I tried posting it all at once the browser hung up.

Here is the HijackThis log file:


Logfile of HijackThis v1.99.1
Scan saved at 10:23:07 AM, on 5/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\B Gollub\Desktop\hijackthis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe



ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         10:12:07 AM, 5/24/2006
 + Report-Checksum:      9E8669E

 + Scan result:

   C:\WINDOWS\TEMP\host.cab/host.dll -> Adware.BiSpy : Cleaned with backup
   :mozilla.7:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Link4ads : Cleaned with backup
   :mozilla.44:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
   :mozilla.52:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Admonitor : Cleaned with backup
   :mozilla.56:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.62:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Preferences : Cleaned with backup
   :mozilla.83:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned with backup
   :mozilla.90:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
   :mozilla.91:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.102:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
   :mozilla.147:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.149:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned with backup
   :mozilla.172:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.179:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.180:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.181:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.182:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.183:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.184:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.185:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.187:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.191:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.193:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.194:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.196:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.199:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Preferences : Cleaned with backup
   :mozilla.201:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Admonitor : Cleaned with backup
   :mozilla.208:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.211:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Focalink : Cleaned with backup
   C:\WINDOWS.001\Temporary Internet Files\Content.IE5\5KG7T1K5\wbk30F1.TMP -> Dropper.Zerolin : Cleaned with backup
   C:\WINDOWS.001\Temporary Internet Files\Content.IE5\4DQRSD6F\wbkC374.TMP -> Dropper.Zerolin : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Porngraph : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@gator[1].txt -> TrackingCookie.Gator : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.180solutions : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Clickzs : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Coremetrics : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][3].txt -> TrackingCookie.Coremetrics : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][3].txt -> TrackingCookie.Clickzs : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@sexcounter[1].txt -> TrackingCookie.Sexcounter : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@advertising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Enliven : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@gator[2].txt -> TrackingCookie.Gator : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce [email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
   C:\WINDOWS.001\Cookies\bruce gollup@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.130:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.131:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.132:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.69:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.70:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.71:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.72:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.73:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.16:F:\Documents and Settings\Isis\Application Data\Mozilla\Firefox\Profiles\97xp70vt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   F:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup


::Report End


SmitFraudFix v2.45

Scan done at  7:03:34.98, Wed 05/24/2006
Run from F:\Documents and Settings\B Gollub\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\WINDOWS\system32\appmagr.dll Deleted
F:\WINDOWS\system32\dcomcfg.exe Deleted
F:\WINDOWS\system32\hp????.tmp Deleted
F:\WINDOWS\system32\ot.ico Deleted
F:\WINDOWS\system32\regperf.exe Deleted
F:\WINDOWS\system32\simpole.tlb Deleted
F:\WINDOWS\system32\stdole3.tlb Deleted
F:\WINDOWS\system32\ts.ico Deleted
F:\WINDOWS\system32\1024\ Deleted
F:\DOCUME~1\BGOLLU~1\FAVORI~1\Antivirus Test Online.url Deleted
F:\Program Files\Security Toolbar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

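The Ewido report above follows one line format, "<path> -> <Family>.<Name> : <Action>" (with a ":mozilla.N:" prefix for Firefox cookie-file hits), and the bulk of it is tracking cookies, with a single real adware component (the WeatherBug DLL) buried near the end. A triage helper that parses that format and separates cookie noise from actionable or unresolved findings is added below as an example; it is not Ewido's, SmitFraudFix's or the forum's own code, and the sample lines are constructed to match the log's format (the last line's detection name "Trojan.SampleName" is a placeholder, standing in for the host.cab/host.dll entry the poster describes).

```python
"""Triage an Ewido-style scan report: split tracking-cookie noise from the
findings a responder actually needs to act on.

Added example for this thread, not Ewido's own code.  SAMPLE_REPORT is a
constructed excerpt in the report's line format; the final detection name
("Trojan.SampleName") is a placeholder, not a real signature.
"""
import re
from collections import Counter

# One report line: "<path> -> <Family>.<Name> : <Action>".  Firefox cookie
# hits are prefixed with ":mozilla.<index>:" before the cookies.txt path.
LINE_RE = re.compile(
    r"^(?::mozilla\.(?P<idx>\d+):)?"
    r"(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)

# Constructed sample in the report's format (paths mirror the thread's log).
SAMPLE_REPORT = """\
::Report Start
   C:\\WINDOWS.001\\Cookies\\bruce gollup@gator[1].txt -> TrackingCookie.Gator : Cleaned with backup
   C:\\WINDOWS.001\\Cookies\\bruce gollup@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.16:F:\\Documents and Settings\\Isis\\Application Data\\Mozilla\\Firefox\\Profiles\\97xp70vt.default\\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   F:\\Program Files\\Common Files\\Real\\WeatherBug\\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup
   C:\\windows\\temp\\host.cab/host.dll -> Trojan.SampleName : Error during cleaning

::Report End
"""


def parse_report(text):
    """Return one dict per detection line; headers and blanks are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        family, _, name = m.group("detection").partition(".")
        findings.append({
            "path": m.group("path"),
            "family": family,          # e.g. TrackingCookie, Adware
            "name": name,              # e.g. Gator, Minibug
            "action": m.group("action"),
            "cookie_index": m.group("idx"),  # only set for Firefox cookie hits
        })
    return findings


def is_cookie(finding):
    """Tracking cookies are privacy noise, not code running on the host."""
    return finding["family"] == "TrackingCookie"


def triage(text):
    """Summarise a report: cookie counts by vendor, plus the items that matter.

    'actionable' = anything that is not a tracking cookie (a DLL, an EXE, an
    archive member); 'unresolved' = lines whose action is not a clean result,
    which is what the poster hit with host.cab and had to delete by hand.
    """
    findings = parse_report(text)
    cookies = [f for f in findings if is_cookie(f)]
    return {
        "total": len(findings),
        "cookies": len(cookies),
        "cookie_vendors": Counter(f["name"] for f in cookies),
        "actionable": [f for f in findings if not is_cookie(f)],
        "unresolved": [f for f in findings if not f["action"].startswith("Cleaned")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['total']} findings, {result['cookies']} tracking cookies")
    for f in result["actionable"]:
        print(f"ACTIONABLE  {f['family']}.{f['name']:<12} {f['action']:<22} {f['path']}")
    for f in result["unresolved"]:
        print(f"UNRESOLVED  {f['path']}")
```

Run against a full report the script prints only the non-cookie and unresolved lines, which is the short list worth checking by hand after a scan; the cookie vendor counter is there for completeness rather than action.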
Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
help with adware.stoppopupadsnow
« Reply #7 on: May 24, 2006, 09:55:31 PM »
Quote
Ewido found a file, C:\windows\temp\host.cab/host.dll, that was embedded in c:\windows\temp\host.cab and couldn't be eliminated unless I eliminated the whole file (the latter), which I elected to do.
It was fine to remove the whole archive when you ran Ewido

Did you run Windows CleanUp! before you ran the scan with Ewido?
CleanUp!, after you first install it, on its first run will prompt to run in demo mode
I forgot to mention to decline to run in demo mode and run the actual cleanup

Do you have either Ad-Aware SE Personal 1.06 or Spybot 1.4 installed?
« Last Edit: May 24, 2006, 09:56:17 PM by guestolo »


Offline geb

  • Newbie
  • Posts: 25
  • Karma: +0/-0
help with adware.stoppopupadsnow
« Reply #8 on: May 27, 2006, 11:53:13 PM »
I did run cleanup before running Ewido.

I don't recall cleanup running in demo mode.

I do have both Ad-Aware and Spybot on my computer.

I really appreciate your help.  This has been really great.  Any suggestions about how to prevent this in the future?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
help with adware.stoppopupadsnow
« Reply #9 on: May 28, 2006, 12:06:11 AM »
If everything is running better
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the left-hand side click on "System Restore Settings"
Put a check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, go back and take the check out of "Turn off System Restore"
This will re-enable the System Restore feature and create a new restore point

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection"
Check for updates every couple of weeks
After every update just simply click "Enable protection on all unprotected items"

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

Update and do scans with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Immunize after every update
Also, in the Immunize area of Spybot, you should put a check in "Enable permanent blocking of bad addresses in IE"

+I would opt to hold onto CleanUp! and Ewido
Ewido will become a limited free version after a couple of weeks
Still, a great scanner to update and run on a monthly basis

Stay safe :)


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
help with adware.stoppopupadsnow
« Reply #10 on: June 13, 2006, 12:08:42 AM »
Since these issues appear resolved, I'll lock this topic
Take care :)
