SDfix is a tool for a specific strain of infections and totally save to use.

We wouldn't have members use it otherwise.

Dear forum hosts/experts,

In the first place I want to apologize for my stubborness and lack of confidence in your expertise!
I am truly sorry for it and for any friction I might have caused!

Having said that, I (finally) downloaded Ewido 3.5 (by mistake!), SDfix.zip and eventually Ewido 4.0.
I ran Ewido 3.5 in "Safe Mode" and, without rebooting the system, I ran SDfix.

As you can see from the reports, I ran Ewido 4.0 some hours later in "Safe Mode".

I also ran HiJackThis again, log is also included.

I do want to say: "Thank you all for helping me and for making a believer out of me!"

Thanx!


This is the first log from EWIDO 3.5
-----------------------------------------------------------------------------------------------------------------------------------
ewido anti-malware - Scan rapport
---------------------------------------------------------
+ Gemaakt op: 2:14:06, 19-9-2006
+ Rapport samenvatting: 4A951626
+ Scan resultaten:
C:\Documents and Settings\Irmax\Cookies\irmax@www.burstnet[2].txt -> TrackingCookie.Burstnet : Schoongemaakt met een backup
C:\WINDOWS\explorer..exe -> Trojan.Pakes : Schoongemaakt met een backup
C:\WINDOWS\repair.exe -> Trojan.Pakes : Schoongemaakt met een backup
C:\WINDOWS\system32\entry.dll -> Trojan.Agent.qg : Schoongemaakt met een backup
C:\WINDOWS\system32\mswinup.exe -> Worm.Drefir.c : Schoongemaakt met een backup
C:\WINDOWS\system32\winsvcup.exe -> Worm.Drefir.c : Schoongemaakt met een backup
C:\WINDOWS\system32\winupsvc.exe -> Worm.Drefir.c : Schoongemaakt met een backup

::Einde rapport
-----------------------------------------------------------------------------------------------------------------------------------


This is the second log from EWIDO 4.0
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:06:03 19-9-2006
+ Scan result:

D:\Install\98 SE\Twin\CSPassword +\v6.0\cspassword.zip/setup.exe -> Dropper.Agent.vm : Cleaned with backup (quarantined).
C:\Documents and Settings\Irmax\Cookies\irmax@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Irmax\Cookies\irmax@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

::Report end
-----------------------------------------------------------------------------------------------------------------------------------


This is the log from SDfix
----------------------------------
Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
----------------------------------

C:\WINDOWS\Setup.exe
C:\WINDOWS\system32\atiphexx.exe

Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------------

Remaining Files:
-------------------


*If Malware was detected, the files are stored in the SDFix\Backup Folder !
*FINISHED*
-----------------------------------------------------------------------------------------------------------------------------------


This is the second log from HiJackThis 1.99.1
Logfile of HijackThis v1.99.1
Scan saved at 18:24:47, on 19-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Tweb\+ Spyware +\Ewido Anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Tweb\ZAP\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Twin\RAM Def XT\ramdef.exe
C:\Tweb\_SPYWA~1\Ad-Aware\Ad-Watch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Twin\H-menu\H_menu.exe
C:\Tweb\+ Mailware +\PopTray\PopTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Twin\Turbo Navigator\tn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Tweb\+ Spyware +\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINDOWS/Homepage/Irmax%20...iew/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Irmax
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Tweb\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tweb\_SPYWA~1\SSD\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - C:\Tweb\De Telefoongids Zoekbalk\PhoneShell.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Tweb\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Tweb\ZAP\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Tweb\+ Spyware +\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [RAMDef] C:\Twin\RAM Def XT\ramdef.exe -tray
O4 - HKCU\..\Run: [TClockEx] C:\Twin\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [AWMON] "C:\Tweb\_SPYWA~1\Ad-Aware\Ad-Watch.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H 2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - Startup: H-Menu 5.0.lnk = C:\Twin\H-menu\H_menu.exe
O4 - Startup: PopTray.lnk = C:\Tweb\+ Mailware +\PopTray\PopTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {C6F04A4B-F0AD-4A0E-9338-D5F59C4348EC} - C:\Tweb\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Tweb\De Telefoongids Zoekbalk\PhoneShell.dll
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Tweb\De Telefoongids Zoekbalk\PhoneShell.dll
O15 - Trusted Zone: PC Help Forum.com - Computer Tech Support
O15 - Trusted Zone: Rabobank - Opleidingennet
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Tweb\+ Spyware +\Ewido Anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-----------------------------------------------------------------------------------------------------------------------------------

Thankx once more and I hope I did everything right (finally)!

With kind regards,

Yes thats all fine.The infection has gone...your good to go....




If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure..
If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:
Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Now that you are clean its now is a good time to flush out your restored files.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
How Do I Protect My Computer Against Future Malware Now I'm Clean.
NOTE:You may have already taken some of these steps.
Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. How to update your Windows operating system
Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.
Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, its recommend that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!
Some available programs are:
Ad-Aware
SpyBot Search & Destroy
Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware .
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.
If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
Zone Labs: Home/Office Products
Zone Labs: Product Comparison

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
Spyware Warrior: Anti-Spyware Testing (Guide)

Here is a helpful article:
"So how did I get infected in the first place?"

http://www.pchelpforum.com/tutorials...t-your-pc.html

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

Pancake,

Thank you very much for -especially- your patients, and further more for your tips & recommendations!
I already have a lot of the apps you recommend and will certainly visit & read all links you've mentioned.

YES! You all have helped me immensely and I'm very greatful for it!!

With kind regards,

Your welcome...