Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Help with virus/spyware


  • This topic is locked This topic is locked
4 replies to this topic

#1 wyexile

wyexile

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 05 May 2008 - 09:50 AM

Hi, I would be grateful if someone can help me with this problem.

When I boot up my machine instead of my usual desktop I get a blue screen with the message 'warning spyware has been detected on your PC' and 'click here to scan your pc for spyware'. If I click I get redirected to a website selling spyware removal software. I also get popups from the system tray telling me my laptop is infected with spyware.

I have run adware and removed the files it found but I am still seeing the problem.

Please see below for my hijack this report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:05, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
C:\WINNT\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\winself.exe
C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
C:\WINNT\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Passlogix\v-GO SSO\ssoshell.exe
c:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\WINNT\system32\wmsdkns.exe
C:\WINNT\Explorer.EXE
c:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINNT\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\Moz\ssomozho.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\Emulator\ssomho.exe
C:\WINNT\system32\igfxtray.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\IE\ssobho.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theedge.rohmhaas.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://theedge.rohmhaas.com
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\Passlogix\v-GO SSO\ssoshell.exe /background,C:\WINNT\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [aspenONE Toolbar] "C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe" -auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-2059484695-1622420474-1353397897-42016\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2059484695-1622420474-1353397897-801686\..\Run: [IBM RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-2059484695-1622420474-1353397897-9775\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2059484695-1622420474-1353397897-15012 Startup: Startup.lnk = C:\Program Files\ROH\Support\New User\Customize.vbs (User '?')
O4 - S-1-5-21-2059484695-1622420474-1353397897-9775 Startup: Startup.lnk = C:\Program Files\ROH\Support\New User\Customize.vbs (User '?')
O4 - .DEFAULT User Startup: Startup.lnk = C:\Program Files\ROH\Support\New User\Customize.vbs (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://theedge.rohmhaas.com
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.alertdriving.com
O15 - Trusted Zone: *.attexecubill.com
O15 - Trusted Zone: *.bna.com
O15 - Trusted Zone: *.bnatax.com
O15 - Trusted Zone: *.boardvantage.com
O15 - Trusted Zone: rohmhaas.culturalnavigator.com
O15 - Trusted Zone: *.financialcontent.com
O15 - Trusted Zone: *.ftssol.com
O15 - Trusted Zone: *.gov.cn
O15 - Trusted Zone: *.hewitt.com
O15 - Trusted Zone: *.infuzer.com
O15 - Trusted Zone: *.Intechnologies.com
O15 - Trusted Zone: *.lrn.com
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: *.mymeetings.com
O15 - Trusted Zone: *.placeware.com
O15 - Trusted Zone: *.shockwave.com
O15 - Trusted Zone: *.signkorea.com
O15 - Trusted Zone: *.skillsoft.com
O15 - Trusted Zone: *.smartforce.com
O15 - Trusted Zone: *.smartfresh.com
O15 - Trusted Zone: *.stf.com
O15 - Trusted Zone: *.strategicsourcing.com
O15 - Trusted Zone: *.systemsoftinc.com
O15 - Trusted Zone: *.teamanywhere.com
O15 - Trusted Zone: mdsuars01.usi.net
O15 - Trusted Zone: mdsuars02.usi.net
O15 - Trusted Zone: *.webex.com
O15 - Trusted Zone: *.webridge.com
O15 - Trusted Zone: *.webx.com
O15 - Trusted Zone: *.adobe.com (HKLM)
O15 - Trusted Zone: *.alertdriving.com (HKLM)
O15 - Trusted Zone: *.attexecubill.com (HKLM)
O15 - Trusted Zone: *.bna.com (HKLM)
O15 - Trusted Zone: *.bnatax.com (HKLM)
O15 - Trusted Zone: *.boardvantage.com (HKLM)
O15 - Trusted Zone: rohmhaas.culturalnavigator.com (HKLM)
O15 - Trusted Zone: *.financialcontent.com (HKLM)
O15 - Trusted Zone: *.ftssol.com (HKLM)
O15 - Trusted Zone: *.gov.cn (HKLM)
O15 - Trusted Zone: *.hewitt.com (HKLM)
O15 - Trusted Zone: *.infuzer.com (HKLM)
O15 - Trusted Zone: *.Intechnologies.com (HKLM)
O15 - Trusted Zone: *.lrn.com (HKLM)
O15 - Trusted Zone: *.macromedia.com (HKLM)
O15 - Trusted Zone: *.mymeetings.com (HKLM)
O15 - Trusted Zone: *.placeware.com (HKLM)
O15 - Trusted Zone: *.shockwave.com (HKLM)
O15 - Trusted Zone: *.signkorea.com (HKLM)
O15 - Trusted Zone: *.skillsoft.com (HKLM)
O15 - Trusted Zone: *.smartforce.com (HKLM)
O15 - Trusted Zone: *.smartfresh.com (HKLM)
O15 - Trusted Zone: *.stf.com (HKLM)
O15 - Trusted Zone: *.strategicsourcing.com (HKLM)
O15 - Trusted Zone: *.systemsoftinc.com (HKLM)
O15 - Trusted Zone: *.teamanywhere.com (HKLM)
O15 - Trusted Zone: mdsuars01.usi.net (HKLM)
O15 - Trusted Zone: mdsuars02.usi.net (HKLM)
O15 - Trusted Zone: *.webex.com (HKLM)
O15 - Trusted Zone: *.webridge.com (HKLM)
O15 - Trusted Zone: *.webx.com (HKLM)
O15 - Trusted IP range: 10.1.*.*
O15 - Trusted IP range: 10.2.*.*
O15 - Trusted IP range: 10.3.*.*
O15 - Trusted IP range: 10.4.*.*
O15 - Trusted IP range: 10.5.*.*
O15 - Trusted IP range: 10.1.*.* (HKLM)
O15 - Trusted IP range: 10.2.*.* (HKLM)
O15 - Trusted IP range: 10.3.*.* (HKLM)
O15 - Trusted IP range: 10.4.*.* (HKLM)
O15 - Trusted IP range: 10.5.*.* (HKLM)
O16 - DPF: Sametime MRC 651 - http://stho1.rohmhaa...gRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.teamanywhere.com/qp2.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://stho1.rohmhaa...STJNILoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rohmhaas.web...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rohmhaas.net
O17 - HKLM\Software\..\Telephony: DomainName = rohmhaas.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rohmhaas.net
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFW Security Client Service (AfwSecCliSvc) - Aspen Technology, Inc. - C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - c:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - c:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINNT\system32\nslsvice.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\winself.exe
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - c:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - c:\Program Files\SmartPipes\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - c:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 14984 bytes

Thanks to anyone who can help.

Edited by wyexile, 05 May 2008 - 09:51 AM.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 May 2008 - 05:35 PM

Posted Image

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Next:

Please download the Fix_Protocol reg file from http://downloads.mal...om/Nel/FixP.zip and unzip it to your desktop.
Double click Fix_Protocol_zones_ranges.reg and allow it to merge with the registry.

Reboot your machine for the changes to take effect.


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 wyexile

wyexile

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 07 May 2008 - 01:18 AM

Many thanks for your reply. The problem is fixed.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 May 2008 - 05:48 AM

Many thanks for your reply. The problem is fixed.

We may have fixed part of the infections.
It's your computer so do as you wish.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 May 2008 - 06:34 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users