Angelwings609
asked on
Spyware, Virus, Worm ???
Don't know anything about this kind of stuff, just know my comp is acting weird and noticed new files..... Have ran Ad-Aware still didnt help. Anyway, how do I know if there's something on my comp that shouldn't be? Any answers given in dummy form would be greatly appreciated.
ASKER
Also, a new file that is bugging me is:
Name: brdg Class
In Folder: C:\WINDOWS\Downloaded Program Files
(I got this after going to www.cracks.am to get a keygen for Musicmatch Jukebox 8.2)
Name: brdg Class
In Folder: C:\WINDOWS\Downloaded Program Files
(I got this after going to www.cracks.am to get a keygen for Musicmatch Jukebox 8.2)
Hi Angelwings609,
You can start with an online virusscan like:
http://www3.ca.com/virusinfo/virusscan.aspx
Even run this if you allready have a virusscanner on your computer as some virusses disable yours.
Also, use this tool and post the logfile to identify what is running on your computer (don't remove anything, most things are needed to run windows)
http://www.spychecker.com/program/hijackthis.html
Greetings,
LucF
You can start with an online virusscan like:
http://www3.ca.com/virusinfo/virusscan.aspx
Even run this if you allready have a virusscanner on your computer as some virusses disable yours.
Also, use this tool and post the logfile to identify what is running on your computer (don't remove anything, most things are needed to run windows)
http://www.spychecker.com/program/hijackthis.html
Greetings,
LucF
oops, didn't see your log before I posted...
Please use this tool:
http://www.spychecker.com/program/coolwebshredder.html
afterwards, post another log
http://www.spychecker.com/program/coolwebshredder.html
afterwards, post another log
ASKER
lol While I'm at it, what is Java Runtime Environment? It's also in downloaded program files... Do I need it?
ASKER
http://www3.ca.com/threatinfo/virusinfo/scan.aspx
Scan Results: Scan Completed. 29596 files scanned. No viruses found.
Scan Results: Scan Completed. 29596 files scanned. No viruses found.
ASKER
About to do the other thing.....
At least, that's good news. :)
Have you ran CoolWebShredder yet?
Have you ran CoolWebShredder yet?
What do you mean?
ASKER
Done!
Your system was completely clean.
Windows XP (5.01.2600 SP1)
CWShredder v1.53.2
Your system was completely clean.
Windows XP (5.01.2600 SP1)
CWShredder v1.53.2
I find it strange that it sais your computer is clean:
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
ASKER
Have done everything you said, did it help?
Get rid of these:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C
Seems like we're cross-typing... :)
I tought CWS would be able to get rid of the bridge bug... seems like it can't.
I tought CWS would be able to get rid of the bridge bug... seems like it can't.
Sorry, I missed one line:
O4 - HKLM\..\Run: [cyvbeqbl] C:\WINDOWS\System32\iegfnu
O4 - HKLM\..\Run: [cyvbeqbl] C:\WINDOWS\System32\iegfnu
ASKER
K, did what you said, 6 in total and here is new log:
Logfile of HijackThis v1.97.3
Scan saved at 7:57:33 AM, on 21/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\CTsvcC
C:\WINDOWS\System32\MsPMSP
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshie
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\CTHELP
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\PestPatrol\PPControl
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\Cooki
C:\WINDOWS\System32\iegfnu
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\HEWLET~1\HPSHA
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Scott\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROG
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Moni
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Research (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-1
O17 - HKLM\System\CCS\Services\T
Logfile of HijackThis v1.97.3
Scan saved at 7:57:33 AM, on 21/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\CTsvcC
C:\WINDOWS\System32\MsPMSP
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshie
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\CTHELP
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\PestPatrol\PPControl
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\Cooki
C:\WINDOWS\System32\iegfnu
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\HEWLET~1\HPSHA
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Scott\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROG
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Moni
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Research (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-1
O17 - HKLM\System\CCS\Services\T
ASKER
Just curious about the blazefind thing, what is it? It changed to my homepage, I fixed it by changing settings back to my regular one........
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
K, did & all the blaze crap is gone... Think you got rid of all the stuff I wanted gone, lol now just gotta figure out how to award you your points. lol And thank you VERY much for all of your help.
;)Angie
;)Angie
Glad to help Angie.
Take care,
LucF
Take care,
LucF
ASKER
lol Now I have a new prob that doesn't belong in this thread! Off to find right topic to post in.
Thank you again,
;)Angie
Thank you again,
;)Angie
Maybe I can help with that also...
ASKER
Logfile of HijackThis v1.97.3
Scan saved at 7:04:06 AM, on 21/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\CTsvcC
C:\WINDOWS\System32\MsPMSP
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshie
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\CTHELP
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\PestPatrol\PPControl
C:\PROGRA~1\PESTPA~1\PPMem
C:\PROGRA~1\PESTPA~1\Cooki
C:\WINDOWS\System32\iegfnu
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\HEWLET~1\HPSHA
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Scott\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROG
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdi
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMem
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\Cooki
O4 - HKLM\..\Run: [cyvbeqbl] C:\WINDOWS\System32\iegfnu
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Moni
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Research (HKLM)
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C
O17 - HKLM\System\CCS\Services\T