
HELP! Is all I can say


  • This topic is locked
49 replies to this topic

#16 GREENEYESINWINDER

GREENEYESINWINDER

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 01 March 2006 - 06:00 AM

Well it never finished. So ran it this morning. Here it is. Still getting those "your computer is infected" popups in my information task bar, and still running at CPU usage 100%.

********
6:12 AM: | Start of Session, Wednesday, March 01, 2006 |
6:12 AM: Spy Sweeper started
6:12 AM: Sweep initiated using definitions version 623
6:12 AM: Starting Memory Sweep
6:14 AM: Memory Sweep Complete, Elapsed Time: 00:01:43
6:14 AM: Starting Registry Sweep
6:14 AM: Registry Sweep Complete, Elapsed Time:00:00:07
6:14 AM: Starting Cookie Sweep
6:14 AM: Found Spy Cookie: 2o7.net cookie
6:14 AM: hp_administrator@2o7[1].txt (ID = 1957)
6:14 AM: Found Spy Cookie: about cookie
6:14 AM: hp_administrator@about[1].txt (ID = 2037)
6:14 AM: Found Spy Cookie: pointroll cookie
6:14 AM: hp_administrator@ads.pointroll[2].txt (ID = 3148)
6:14 AM: Found Spy Cookie: falkag cookie
6:14 AM: hp_administrator@as-us.falkag[2].txt (ID = 2650)
6:14 AM: Found Spy Cookie: ask cookie
6:14 AM: hp_administrator@ask[1].txt (ID = 2245)
6:14 AM: Found Spy Cookie: casalemedia cookie
6:14 AM: hp_administrator@casalemedia[2].txt (ID = 2354)
6:14 AM: Found Spy Cookie: ru4 cookie
6:14 AM: hp_administrator@edge.ru4[2].txt (ID = 3269)
6:14 AM: Found Spy Cookie: go.com cookie
6:14 AM: hp_administrator@go[1].txt (ID = 2728)
6:14 AM: hp_administrator@msnportal.112.2o7[1].txt (ID = 1958)
6:14 AM: Found Spy Cookie: overture cookie
6:14 AM: hp_administrator@overture[1].txt (ID = 3105)
6:14 AM: hp_administrator@psc.disney.go[1].txt (ID = 2729)
6:14 AM: Found Spy Cookie: statcounter cookie
6:14 AM: hp_administrator@statcounter[1].txt (ID = 3447)
6:14 AM: Found Spy Cookie: tacoda cookie
6:14 AM: hp_administrator@tacoda[1].txt (ID = 6444)
6:14 AM: Found Spy Cookie: tribalfusion cookie
6:14 AM: hp_administrator@tribalfusion[1].txt (ID = 3589)
6:14 AM: Found Spy Cookie: tripod cookie
6:14 AM: hp_administrator@tripod[1].txt (ID = 3591)
6:14 AM: Found Spy Cookie: techtarget cookie
6:14 AM: hp_administrator@whatis.techtarget[2].txt (ID = 3500)
6:14 AM: hp_administrator@windows.about[1].txt (ID = 2038)
6:14 AM: hp_administrator@www.disney.go[1].txt (ID = 2729)
6:14 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:14 AM: Starting File Sweep
6:25 AM: File Sweep Complete, Elapsed Time: 00:11:08
6:25 AM: Full Sweep has completed. Elapsed time 00:13:08
6:25 AM: Traces Found: 18
6:38 AM: Removal process initiated
6:38 AM: Quarantining All Traces: 2o7.net cookie
6:38 AM: Quarantining All Traces: about cookie
6:38 AM: Quarantining All Traces: ask cookie
6:38 AM: Quarantining All Traces: casalemedia cookie
6:38 AM: Quarantining All Traces: falkag cookie
6:38 AM: Quarantining All Traces: go.com cookie
6:38 AM: Quarantining All Traces: overture cookie
6:38 AM: Quarantining All Traces: pointroll cookie
6:38 AM: Quarantining All Traces: ru4 cookie
6:38 AM: Quarantining All Traces: statcounter cookie
6:38 AM: Quarantining All Traces: tacoda cookie
6:38 AM: Quarantining All Traces: techtarget cookie
6:38 AM: Quarantining All Traces: tribalfusion cookie
6:38 AM: Quarantining All Traces: tripod cookie
6:38 AM: Removal process completed. Elapsed time 00:00:02
********
6:12 AM: | Start of Session, Wednesday, March 01, 2006 |
6:12 AM: Spy Sweeper started
6:12 AM: | End of Session, Wednesday, March 01, 2006 |



#17 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 March 2006 - 06:47 AM

Make sure you reboot and post a new HJT log please.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 GREENEYESINWINDER


Posted 01 March 2006 - 07:10 AM

Here you go.

Logfile of HijackThis v1.99.1
Scan saved at 8:06:26 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /QS
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141148115437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140990637796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#19 LDTate


Posted 01 March 2006 - 04:21 PM

Go here and run this scan. Let me know what it finds.
Microsoft - Malicious Software Removal Tool
http://www.microsoft...ve/default.mspx


Download this one and let me know if it finds anything.
RootkitRevealer
http://www.sysintern...itRevealer.html

When it's done, go to file->save
save the logfile to the desktop, and then paste the contents here.



#20 GREENEYESINWINDER


Posted 01 March 2006 - 06:41 PM

Ok, Malicious Spyware found nothing. This is all the second one found

C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Pre-Calculus & Calculus.lnk 3/1/2006 1:36 PM 1.38 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Quick Tour.lnk 3/1/2006 1:36 PM 1.09 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \QuickTime Setup.lnk 3/1/2006 1:36 PM 360 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Readme.lnk 3/1/2006 1:36 PM 502 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Pre-Calculus & Calculus.lnk 3/1/2006 1:36 PM 1.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Quick Tour.lnk 3/1/2006 1:36 PM 1.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\QuickTime Setup.lnk 3/1/2006 1:36 PM 360 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Readme.lnk 3/1/2006 12:27 PM 502 bytes Visible in Windows API, but not in MFT or directory index.
D: 0 bytes Error mounting volume

#21 LDTate


Posted 01 March 2006 - 07:30 PM

Download Blacklight Beta from here:
http://www.f-secure....light/try.shtml
  • Hit I accept. It will take you to download page.
  • Download blbeta.exe and save it to the Desktop.
  • Once saved... double click blbeta.exe to install the program.
  • Click accept agreement and Click scan
    This app too may fire off a warning from antivirus. Let the driver load.
    Wait for it to finish.
  • If it displays any items...don't do anything with them yet. Just hit exit (close)
  • It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log.



#22 GREENEYESINWINDER


Posted 02 March 2006 - 01:23 PM

Here you go.

03/02/06 14:17:59 [Info]: BlackLight Engine 1.0.33 initialized
03/02/06 14:17:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/02/06 14:17:59 [Note]: 7019 4
03/02/06 14:17:59 [Note]: 7005 0
03/02/06 14:18:12 [Note]: 7006 0
03/02/06 14:18:12 [Note]: 7011 1492
03/02/06 14:18:12 [Note]: FSRAW library version 1.7.1015
03/02/06 14:19:45 [Note]: 7007 0

#23 LDTate


Posted 02 March 2006 - 04:29 PM

Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Has the "Your computer is infected!" stopped?



#24 GREENEYESINWINDER


Posted 02 March 2006 - 09:38 PM

The stop button was already depressed. I could only click start, so therefore did nothing. Yes, still getting the pop-up balloon from the information task bar that says your computer is infected, sometimes it says your computer is at high risk.

#25 LDTate


Posted 02 March 2006 - 09:46 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.



#26 GREENEYESINWINDER


Posted 02 March 2006 - 10:01 PM

Here you go.

aproposfix log:

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\HP_Administrator\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!


New HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:56:09 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /QS
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141148115437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140990637796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
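
The helper asks for a fresh HijackThis log after each step, so comparing consecutive logs shows what a step actually changed. The script below is an added example, not part of the original thread or of HijackThis itself: it parses two logs, diffs their processes and entries, and lists Run values that carry no full path. The function names are this example's own, and the two sample logs are shortened excerpts of the logs posted in this thread.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command" or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun entry: hive, Run key, [value name], command.
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
# A command that starts with a drive-qualified path, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hjt(text):
    """Split a HijackThis text log into header lines, processes and entries."""
    scan = {"header": [], "processes": set(), "entries": set()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first entry ends the process list
            scan["entries"].add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            scan["processes"].add(line.lower())  # Windows paths ignore case
        else:
            scan["header"].append(line)
    return scan


def diff_scans(old, new):
    """Report what appeared or disappeared between two parsed scans."""
    return {
        "processes_added": sorted(new["processes"] - old["processes"]),
        "processes_removed": sorted(old["processes"] - new["processes"]),
        "entries_added": sorted(new["entries"] - old["entries"]),
        "entries_removed": sorted(old["entries"] - new["entries"]),
    }


def pathless_autoruns(scan):
    """Return (value name, command) for O4 Run values without a full path.

    Windows resolves such commands through its search path, so the log alone
    does not say which file on disk is launched; verify these by hand.
    """
    found = []
    for code, body in scan["entries"]:
        match = RUN_RE.match(body) if code == "O4" else None
        if match and not ABS_PATH_RE.match(match.group(2)):
            found.append((match.group(1), match.group(2)))
    return sorted(found)


# Shortened excerpt of the log posted on 3/1/2006 (sample input).
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:06:26 AM, on 3/1/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\WINDOWS\ALCXMNTR.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Shortened excerpt of the log posted on 3/2/2006 (sample input).
SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:56:09 PM, on 3/2/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    before, after = parse_hjt(SCAN_1), parse_hjt(SCAN_2)
    for key, values in diff_scans(before, after).items():
        print(key, values)
    for name, command in pathless_autoruns(after):
        print("no full path:", name, "->", command)
```
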

#27 LDTate


Posted 02 March 2006 - 10:03 PM

Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



#28 LDTate


Posted 02 March 2006 - 10:06 PM

I'm headed to bed. Will take this up tomorrow.



#29 GREENEYESINWINDER


Posted 02 March 2006 - 10:44 PM

Here you go.

New SpyBot log

--- Report generated: 2006-03-02 23:12 ---

Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Common Dialogs: History (37 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Adobe Acrobat Reader 6: Recent file #1 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c1

Internet Explorer: Typed URL list (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Internet Explorer\Download Directory!=

MS Management Console: Recent command list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

MS Office 11.0 (Excel): Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows Explorer: Recent wallpaper list (247 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Run history (13 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history (20 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (137 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Last visited history (12 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-42621864-382322188-3993276631-1008\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: Cookie (61) (Cookie, nothing done)


Cache: Cache (6082) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-24 Includes\Cookies.sbi (*)
2006-02-24 Includes\Dialer.sbi (*)
2006-02-24 Includes\Hijackers.sbi (*)
2006-02-24 Includes\Keyloggers.sbi (*)
2006-02-24 Includes\Malware.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2006-02-24 Includes\PUPS.sbi (*)
2006-02-24 Includes\Revision.sbi (*)
2006-02-24 Includes\Security.sbi (*)
2006-02-24 Includes\Spybots.sbi (*)
2003-03-16 Includes\Temporary.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-02-24 Includes\Trojans.sbi (*)



New Adware log

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, March 02, 2006 11:40:51 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R94 28.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-2-2006 11:40:51 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 512
ThreadCreationTime : 3-3-2006 4:30:41 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 3-3-2006 4:30:47 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 3-3-2006 4:30:48 AM
BasePriority : High


#30 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 March 2006 - 03:33 PM

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL




Click "Start" > "Run", type in Regedit, and tap the Enter key.

Make sure "My Computer" is highlighted

Click "Edit"> "Find"
Type in dxmpp.dll and tap the Enter key.
Right Click on the file if found and select "Delete"

Tap the "F3" Key to find the next entry of the file. Continue using the "F3" Key until it's finished searching.

Do the same for this one:
SpyFalcon

Close Regedit.


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom
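
An added example, not part of the original post: a Python script that reads the registry backup exported in the first step and lists every key or value that mentions the two search terms, so the entries can be reviewed before anything is deleted. It also decodes `hex(2)`/`hex(7)` values, which a `.reg` export writes as UTF-16LE bytes and which a plain text search of the file would miss. The sample export and its `ExampleVendor` key names are constructed for illustration.

```python
import re

NEEDLES = ("dxmpp.dll", "SpyFalcon")  # the two search terms from the post

# Constructed sample in regedit's version-5 export format; key names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Loader]
"Module"="C:\\WINDOWS\\system32\\dxmpp.dll"
"Other"=dword:00000001

[HKEY_CURRENT_USER\Software\SpyFalcon]
@="placeholder"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Expand]
"Path"=hex(2):64,00,78,00,6d,00,70,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00
'''

def decode_data(raw):
    """Return value data as searchable text; hex(1|2|7) holds UTF-16LE strings."""
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)
    if not m:
        return raw.replace("\\\\", "\\")  # plain string: undo .reg escaping
    data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
    return data.decode("utf-16-le", "replace").replace("\x00", " ")

def find_hits(reg_text, needles=NEEDLES):
    """List (key, value_name, needle); value_name is None when the key path matches."""
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")  # join continued hex lines
    hits, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hits += [(key, None, n) for n in needles if n.lower() in key.lower()]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            haystack = (name + "\n" + decode_data(m.group(2))).lower()
            hits += [(key, name, n) for n in needles if n.lower() in haystack]
    return hits

def load_export(path):
    """Read a regedit export; version 5.00 files are UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    for key, name, needle in find_hits(SAMPLE_REG):
        print(f"{needle}: [{key}] value={name!r}")
```

To check a real backup, pass the text returned by `load_export()` to `find_hits()` in place of the sample.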

 
