Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

I Have Spyware And I Don't Know How To Get Rid Of It


  • This topic is locked This topic is locked
11 replies to this topic

#1 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 12 June 2007 - 05:14 PM

i have spyware and it shows up every time in my Internet Explorer, but its fine in firefox. but whenever i open up IE, there would be all these pop-up IE windows and all this carp**.

i have the following softwares:

NOD32 Anti Virus
Spyware Doctor
Spy Sweeper
Ad Muncher


none of them could get rid of it
and i know its coming from res://C:WINDOWSsystem32shdoclc.dll

but i cant get rid of it still. my shdoclc.dll is infected or something i believe









Logfile of HijackThis v1.99.1
Scan saved at 4:03:41 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher...menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher...=menu_ie_report
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fccyxyv - fccyxyv.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Advertisements

Register to Remove


#2 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 13 June 2007 - 01:47 AM

Looking over your log, back ASAP.

#3 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 13 June 2007 - 01:56 AM

Hi Jordan Inc,

I'm Gary R, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Download combofix.exe by sUBs
  • Alternate Download
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply please.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

You appear to have one of the Vundo varients, this one hides from HijackThis, so it is necessary to re-name it so we can see what's being hidden.
  • Go to C:\Program Files\Hijackthis\HijackThis.exe
  • Rename HijackThis.exe to FredFlintstone.exe
  • Run a new scan with HJT (FredFlintstone) and send me the new log please, along with the Combofix log..


#4 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 14 June 2007 - 09:28 PM

thanks gary, heres my two logs:



ComboFix Log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Jondan\Desktop\ComboFix.exe
"Jondan" - 2007-06-14 19:50:46 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\rttss.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\MSN\vikojibo.html
C:\Tempb9
C:\Tempb9\tmpTF.log
C:\Temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\installer\25370d.msi
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\l6x1E2Fy.exe
C:\WINDOWS\system32\owinpndt.exe
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T4\amst5.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


2007-06-14 19:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 15:57 <DIR> d-------- C:\DOCUME~1\Lake\APPLIC~1\Webroot
2007-06-11 23:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-11 22:46 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-06-11 20:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-11 20:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-11 20:13 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\Help
2007-06-10 23:30 0 --a------ C:\WINDOWS\system32\Ultra.dll
2007-06-10 23:17 <DIR> d-------- C:\Program Files\SoftwareDoctor
2007-06-10 22:39 1,165 --a------ C:\WINDOWS\mozver.dat
2007-06-10 22:15 39,713 --a------ C:\WINDOWS\WpAJTrYf67HazytRD.exe
2007-06-10 22:12 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\Creative
2007-06-10 21:38 91,577 -ra------ C:\WINDOWS\system32\drivers\P0620Vid.sys
2007-06-10 21:38 81,920 -ra------ C:\WINDOWS\CtDrvIns.exe
2007-06-10 21:38 69,632 -ra------ C:\WINDOWS\system32\p0620sti.dll
2007-06-10 21:38 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-06-10 21:38 40,960 -ra------ C:\WINDOWS\system32\P0620Hwx.dll
2007-06-10 21:38 32,768 -ra------ C:\WINDOWS\system32\P0620Pin.dll
2007-06-10 21:38 20,480 -ra------ C:\WINDOWS\system32\P0620Srv.exe
2007-06-10 21:38 20,480 -ra------ C:\WINDOWS\P0620Cfg.exe
2007-06-10 21:38 126,976 -ra------ C:\WINDOWS\system32\P0620Vfw.dll
2007-06-10 21:37 <DIR> d-------- C:\Program Files\Creative
2007-06-10 21:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-06-10 21:35 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-06-10 21:33 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-10 21:26 212 -ra------ C:\WINDOWS\system32\HPBVNSTP.DAT
2007-06-10 21:26 196,608 -ra------ C:\WINDOWS\system32\HPBVNSTP.DLL
2007-06-10 20:58 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\Tenebril
2007-06-10 20:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-06-10 20:50 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-10 20:50 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-10 20:39 <DIR> d-------- C:\Program Files\545 Studios
2007-06-10 20:34 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\Aim
2007-06-10 20:33 <DIR> d-------- C:\Program Files\AWS
2007-06-10 20:31 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-10 20:31 <DIR> d-------- C:\Program Files\Viewpoint
2007-06-10 20:31 <DIR> d-------- C:\Program Files\AOD
2007-06-10 20:31 <DIR> d-------- C:\Program Files\AIM
2007-06-10 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-06-10 19:47 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-10 19:47 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-10 19:47 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-06-10 19:47 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-10 19:47 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-10 19:46 <DIR> d-------- C:\Program Files\Webroot
2007-06-10 19:46 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\Webroot
2007-06-10 19:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-10 18:57 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-10 18:47 <DIR> dr-h----- C:\MSOCache
2007-06-10 17:59 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-10 17:49 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-10 17:43 <DIR> d-------- C:\Program Files\Online Services
2007-06-10 17:40 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-06-10 17:37 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-10 17:37 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-10 17:05 <DIR> d-------- C:\WINDOWS\setup.pss
2007-06-10 16:55 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-06-10 16:47 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-10 16:34 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-10 16:34 299,392 --a------ C:\WINDOWS\system32\imon.dll
2007-06-10 16:34 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-10 16:08 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-10 16:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-10 16:08 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-10 16:05 <DIR> d-------- C:\Program Files\Ad Muncher
2007-06-10 15:57 <DIR> d--hs---- C:\UWA7P
2007-06-10 15:56 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-10 15:56 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-10 15:56 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-10 15:56 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-10 15:56 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-10 15:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-10 15:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-10 15:56 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-06-10 15:56 <DIR> d-------- C:\DOCUME~1\Jondan\APPLIC~1\WinAntiVirus Pro 2007
2007-06-10 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-06-10 15:55 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-10 15:51 12 --a------ C:\WINDOWS\system32\sl.bin
2007-06-10 15:50 9,984 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-06-10 15:50 32,000 --a------ C:\WINDOWS\cdsm32.dll
2007-06-10 15:50 30,464 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-06-10 15:50 28,160 --a------ C:\WINDOWS\saiemod.dll
2007-06-10 15:50 25,600 --a------ C:\WINDOWS\vxddsk.exe
2007-06-10 15:50 24,320 --a------ C:\WINDOWS\swin32.dll
2007-06-10 15:50 22,784 --a------ C:\WINDOWS\bokja.exe
2007-06-10 15:50 22,528 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-06-10 15:50 16,896 --a------ C:\WINDOWS\system32\wml.exe
2007-06-10 15:50 15,360 --a------ C:\WINDOWS\wml.exe
2007-06-10 15:50 14,080 --a------ C:\WINDOWS\pbar.dll
2007-06-10 15:50 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-06-10 15:50 10,496 --a------ C:\WINDOWS\satmat.exe
2007-06-10 15:44 <DIR> d--h----- C:\WINDOWS\ShellNew
2007-06-10 15:43 930 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-06-10 15:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-10 15:36 105,434 --a------ C:\WINDOWS\qwr67.exe
2007-06-10 15:36 <DIR> d-------- C:\WINDOWS\system32\TQ0
2007-06-10 15:36 <DIR> d-------- C:\WINDOWS\system32\T7
2007-06-10 15:36 <DIR> d-------- C:\WINDOWS\system32\T6
2007-06-10 15:36 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-06-10 15:36 <DIR> d-------- C:\Temp\x2b


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2006-10-28 00:37]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-10 16:33]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 C:\WINDOWS\SOUNDMAN.EXE]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-06-07 13:53]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\Program Files\MSN\vikojibo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxyv]
fccyxyv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

*Newly Created Service* - HTTPFILTER

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 20:00:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-14 20:00:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-14 20:00

--- E O F ---





HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:05 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\FredFlintstone.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher...menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher...=menu_ie_report
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fccyxyv - fccyxyv.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



#5 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 15 June 2007 - 01:16 AM

OK looking better, but still some work to do.

Run a scan with HJT and when finished check the following items (if found).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

O20 - Winlogon Notify: fccyxyv - fccyxyv.dll (file missing)



Now close all open windows and click Fix Checked to remove them.

THEN

Please do an online scan with Kaspersky Online Scanner

Note: You must be using Internet Explorer as your browser as it will be necessary to install an Active X component to your computer.

Important If you have previously used Kaspersky Online Scanner (before 8th Aug 2006), you will have to uninstall the old version using Add/Remove Programs in Control Panel before you can use the new version.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

IMPORTANT
  • It is unclear from your log whether or not you have a firewall installed.
  • If you have one running, please disregard this.
  • If it is disabled, please enable it.
  • If you are using the firewall that comes with Windows, or Service Pack 2, you should replace it. It doesn't monitor outgoing traffic, so anything on your computer can 'phone home' at will.
Below is a list of some free firewalls (in no order of preference).It is important to note that you should only have one firewall installed at a time, but you can download to your Desktop and install each in turn to see which one you prefer.

Also let me know how your computer is running now.

#6 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 15 June 2007 - 11:37 PM

i have followed your instructions and ran the Kaspersky Online Scanner. i think my computer is running fine now, the pop-ups don't come out now, but my NOD32 Anti-Virus detector can still detect some trojan viruses from time to time.

here's the information from the Kaspersky Online Scanner:

KASPERSKY ONLINE SCANNER REPORT
Friday, June 15, 2007 10:37:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/06/2007
Kaspersky Anti-Virus database records: 347362

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
F:\
G:\

Scan Statistics
Total number of scanned objects 73312
Number of viruses found 16
Number of infected objects 37
Number of suspicious objects 0
Duration of the scan process 04:30:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Jondan\Application Data\Aim\XxJordanIncxX\cert8.db Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Aim\XxJordanIncxX\key3.db Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\cert8.db Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\history.dat Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\key3.db Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\parent.lock Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Jondan\Application Data\Webroot\Spy Sweeper\Logs70615180145.ses Object is locked skipped

C:\Documents and Settings\Jondan\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ubmuzuaw.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\History\History.IE5\MSHist012007061520070616\index.dat Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Temp\jar_cache48101.tmp Object is locked skipped

C:\Documents and Settings\Jondan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jondan\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jondan\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS016701DF-776F-4FD0-B5C1-3A619213304D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS039F1929-3B14-49FF-9BE8-5E2837B2EFC2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B331FF4-37C7-4EE1-8876-DE3C1BA2BF37.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B9DE8F3-2AD0-4B75-94D7-8808C3B063D6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11A48156-6740-4CDA-A260-A9C2748A512B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11B80962-7B32-4335-91E2-B8AEE9EF78AB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS13A37E24-C461-4F81-BC2B-590CB7AD0AA1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS141239F7-B4D2-4A6B-8975-3220F510EA5D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1F75AF6D-5F0E-4317-AC15-6CEA785DE9A7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS20E6CC1B-91DB-4495-9A3C-549BDADE4BA5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS21442753-975F-49E4-96F4-EFE764D8A9C5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS22E34927-EA99-4F18-9AB8-C17163F92B2F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS23495A33-7169-420D-BEFC-BF56FC1C7F16.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS273E3811-3103-476A-B1CF-BFD7C4C264D1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2832420D-CF2D-4A47-B639-01386B7EBF57.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS28487E2C-D756-4EEB-81E5-3BF8974AD8F2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2A9AB872-4D53-4A40-B499-259BCA978567.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3049202A-A62A-4F97-B786-C42D9FAEA0E1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3A1310FC-3E41-458B-9D0C-9199DA59837B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3B54AB0F-759C-4A1D-82EB-272C07693796.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3BDFB16A-7513-4E5C-BF17-356060E06A0B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C8EED33-D528-4219-9160-E7636EBA730F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS40E7273A-F2C8-48E0-9520-CBCB2223B705.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4532964F-AAB4-4353-8FD9-7A59C1160C78.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS488BB308-DEBC-472D-8BCB-54B209FB4EA3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS56F22E1B-01C3-45D6-8EB3-C106A4757A3B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS592325A1-B9E9-4D5A-9B15-CF28B828C038.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5E4D6E90-B083-4972-A4EB-087E080EE8B9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5F3E2749-A927-4B55-8036-0E70C7A90247.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5FA5D155-94EA-4C87-B686-BABFBF3520AE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6038E485-605D-4827-ABBE-8A082F5896CA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS629FECDB-B080-4654-BBCB-9179D4993181.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63994123-C7F2-4B09-A3E9-58983A15B087.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS668D28EE-6622-4F2D-B55E-8C6DE5FA144B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6751AC5E-025E-403A-823F-12A71A12F362.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS678C2C70-B818-42FD-81F6-69C710A29357.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS699F2CC3-1B8E-4FEB-9E16-9AD8670DFDF7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AB583F4-8D29-487E-A410-6585EB1C2819.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AF7F447-F58B-4AEC-84EB-F66AE96DBBD7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7133E63A-EDDB-4765-9985-81920E424474.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS727AF629-E179-48A4-9176-78CFA2C3D9EB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS75909D19-100C-4E23-A17C-178FAFB2B200.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS77AA66B3-2A56-43F3-B42F-E469211A3707.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS789ADA00-F222-427D-B2F1-B51361A7BDA7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7AC591F6-1117-487C-B8DA-120B6F19503A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83765706-894F-4230-B68D-982B7FEB9221.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8635A88E-10F1-4B7D-95B1-43AFACB76FF9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS88FCB6AB-4D69-4E52-9CD3-7F6E86137DA4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS89C8D773-236B-4DCB-B919-CB7A30AFFBA1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS983A1A38-121F-49A6-AA3B-D3010365DCDF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS99736639-D7C0-4613-86DD-668B560F062F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9E920F71-7D10-474E-A36E-47CA043B1FAA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2D99093-2F2D-4425-8166-9DDF136778FC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA5047CBB-103B-44E4-BD04-C40234048AEF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA665FF62-B257-4CA4-9A8B-09C445B22074.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA7B7B249-37C5-4D79-8184-12DDE5B5D8AF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFC78915-524B-438F-9C59-E3E2B3FE6D83.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4241E77-3CFA-405E-876B-1107C3D7E16E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB6B0B602-9891-4EC5-B943-F7FF97467C7A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB7E242D7-B5AE-4DFC-A7A7-BDDA38FD9458.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA1E8AFC-85AD-4013-96B1-197C9A06DBE3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB42B52F-8F2D-419F-8F06-7E5600DA8D0E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC059B521-3E36-4767-AE2F-C2D3C8CEA9E6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC494FD5B-95ED-4E31-935E-8D0008D222A6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC57D9AE7-421B-4B0F-B1D6-0D9DDB213F8A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCA76072F-26B1-4E76-9B43-EBE765280105.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD130378A-02D8-438B-A537-98749D594BF4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1E77AFA-2AC9-4AE0-BD59-9AE1C58972B5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1F637E7-D06B-4C54-B09C-A243B8308BBD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD22733EC-A139-4167-B8BD-BF6238668740.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3778640-2F39-4404-BC9C-C8476089208B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3CC6B9C-8EFE-4EF4-94BE-BCF46513B1A4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD40004F7-6AF4-4313-A0DB-2CC4B05C5661.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8ADDE1E-60B9-4873-9735-3BB3EE560F2F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8E7DD67-0F1E-495E-B368-7E4AF0EEB38F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDEE8E89B-3597-4EC5-BBF2-E2A7D42DDDA7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC160788-945D-46C2-BC47-EE1CDA6B7637.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSED608A9D-BF5C-4A11-9246-BC6A128C1C06.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE0AD547-7193-4DF6-B910-D050EB0FAA3B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE7D819D-2A5C-41C9-A77A-3B2B959CAEC2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF2038219-2614-4251-AF8F-F2152E371CF7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF255853E-8778-4E69-AF5F-47B4B159F90D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF34B0412-2057-4870-A242-3CF598C3E405.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4A2771C-F464-4B18-BF8A-3A91FD8E5131.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4AD5DA5-8E4B-493A-86B8-0C0D768A43FB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF532D33D-DE89-4B80-B36A-4D41CA4A73FE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF757C649-4093-4C24-83C9-6DB0D21223E0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF86F9EFD-4A34-4FC2-9B5A-4EE9E52F8C45.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF95BB4C4-7B09-44C4-B7B8-56BF0F7B742D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBE6D100-00BD-4970-B8C8-3F8DC2573CD6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFE87956A-A7E9-43C9-B6EE-57101DD89125.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\infectedWIUVJCA.NQF Infected: Trojan-Downloader.Win32.VB.asx skipped

C:\Program Files\ESET\infected\15DLESCA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\Program Files\ESET\infected\ITW2HIBA.NQF Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\Program Files\ESET\infected\KBVJAACA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Program Files\ESET\infected\N5SKS0CA.NQF/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\Program Files\ESET\infected\N5SKS0CA.NQF/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\Program Files\ESET\infected\N5SKS0CA.NQF NSIS: infected - 2 skipped

C:\Program Files\ESET\infected\N5SKS0CA.NQF PE-Crypt.XorPE: infected - 2 skipped

C:\Program Files\ESET\infected\TR0M0FBA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\dls0523pmw.exe.vir Infected: Trojan-Downloader.Win32.Zlob.bqw skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\owinpndt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\T4\amst5.exe.vir Infected: Trojan-Dropper.Win32.Agent.bfr skipped

C:\QooBox\Quarantine\catchme2007-06-14_195955.20.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped

C:\QooBox\Quarantine\catchme2007-06-14_195955.20.zip ZIP: infected - 1 skipped

C:\sti.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011049.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011050.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011050.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011050.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011052.exe Infected: Trojan-Downloader.Win32.Zlob.bqw skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011055.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011056.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\A0011151.exe Object is locked skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\change.log Object is locked skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP6\A0000975.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP6\A0000975.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP9\A0003353.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP9\A0003354.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP9\A0004309.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\qwr67.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\WINDOWS\qwr67.exe NSIS: infected - 1 skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\sysrlb32.exe Infected: Trojan.Win32.VB.azo skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a49f5c10b4e7d3aaec54e5b37a8374fd_de04b381-1a66-49ce-ab2d-fcb874b4763a Object is locked skipped

D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

D:\My Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\My Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP717\A0390716.exe Object is locked skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP754\A0415302.exe Infected: Trojan-Downloader.Win32.Small.cqs skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP760\A0415894.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP771\A0426516.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP771\A0426516.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP771\A0426516.exe WiseSFX: infected - 2 skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP771\A0426516.exe WiseSFX Dropper: infected - 2 skipped

D:\System Volume Information\_restore{CB6C49DA-EDF7-44D2-BE9A-1980ED7C533E}\RP772\A0426573.dll Object is locked skipped

D:\System Volume Information\_restore{DD16E6C7-96C7-46E5-BC32-F4597A8EBB08}\RP12\change.log Object is locked skipped

Scan process completed.



#7 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 16 June 2007 - 12:57 AM

OK, couple of files to take care of.

You've got some encrypted backup files created by Nod32 and Combofix as well, neither are a threat to you.

Also, your System Restore files are infected. Provided you don't do a System Restore you can't be re-infected from them, we'll clear them out before we're finished. For the time being we'll leave them alone. I clean them out last of all just in case we have any unexpected problems, better an infected restore point than no restore point.

Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.

C:\WINDOWS\qwr67.exe
C:\WINDOWS\sysrlb32.exe

  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the programme.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
  • Post the log back here please.


#8 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 16 June 2007 - 08:58 PM

C:\WINDOWS\qwr67.exe moved successfully.
C:\WINDOWS\sysrlb32.exe moved successfully.

Created on 06/16/2007 19:58:23


thats all it says in the text document

Edited by Jordan_Inc, 16 June 2007 - 09:00 PM.


#9 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 17 June 2007 - 12:18 AM

Excellent, that's all I wanted to know.

OK, just a little housekeeping to do now.

Let's clear out the programmes we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe
please delete these folders as well.

C:\_OTMoveIt
C:\QooBox


Are you still noticing any problems?, because it appears your system is all clean. If not, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Lets reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check *Turn off System Restore*.
    • Click Apply, and then click OK.
  • NOTE: only do this ONCE, NOTon a regular basis
We need to re hide system files.

To do so, please follow the steps below:
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Put a check by "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Do not show hidden files and folders."
  • Check "Hide protected operating system files."
  • Click Apply, and then click OK.

Updating Windows and Internet Explorer

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you're running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed. (Free at Microsoft Office Update).

Make your Internet Explorer more secure
  • From within Internet Explorer click on Tools > Options > Security > Internet > Custom Level.
  • Make sure these options are set as follows:
    • Download signed ActiveX controls to Prompt
    • Download unsigned ActiveX controls to Disable
    • Initialize and script ActiveX controls not marked as safe to Disable
    • Installation of desktop items to Prompt
    • Launching programs and files in an IFRAME to Prompt
    • Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Press the Apply button and then the OK to exit the Internet Properties page.
The following are free programs that are designed to keep your computer clean. A brief description is included with each item, click on name to go to download site.
  • Adaware SE Personal
    Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
  • Spybot S & D
    Spybot is a scanner like Adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and protection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
    To see how to set this up as well as more spybot features, see here
  • SpywareBlaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
  • IE Spyad
    It puts many bad webpages on your restricted zones LIST. This means that you can still view the "bad" webpages, but the webpages can't do certain things (such as use javascripts and cookies). Use IE Spyad for single account computers, and IE Spyad 2 for multi account computers.
  • Hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    • Make sure you read the instructions on how to install the hosts file, here.
  • If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
  • Use an Anti Virus Software - It's very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future. See this link for a LISTing of some, on line & their stand-alone anti virus programs:
    Computer Safety On line - LIST of free Anti virus programs
  • Use a Firewall - I cannot stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    See here to choose one.
  • Site Advisor This is a utility that can be downloaded and installed. It loads an icon to the taskbar of your browser (versions for IE and Firefox), indicating the trustworthiness of the site you are on. Green for safe, Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site.

Just a final reminder for you.
  • UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
  • Run Spybot and Adaware regularly. (Once a week minimum)
  • It is important that you visit http://www.windowsupdate.com regularly. This will ensure you always have the latest security updates installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Stand up and be Counted.

NOW is the time you can start to hit back at the people who infected you.
Posted Image
Please take the time to go and complain - that forum has a topic for your infection which is Vundo....... (if not, post in the Is your infection not listed here? topic). Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to goverment or government agencies that something will get done.


Once again, please post and tell me how things are going with your system... problems etc.

Gary R

The above is a general post I give when someone's computer is clean. Obviously you have already taken care of some of the issues mentioned, but it is important that you read through them, and address any that you may have missed.

Keep secure.

Gary R

#10 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 17 June 2007 - 02:21 PM

thanks a lot for your help! ive done everything you told me to. and my computer works fine now. thanks a lot

#11 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 17 June 2007 - 11:43 PM

You're welcome, always glad when we can help.

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Tom Coyote Donations

Gary R

#12 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,510 posts

Posted 17 June 2007 - 11:44 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users