WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Closed] Screen Turn Blue With "Warning Spyware Detected On
Started by
BlueRuby
, Jun 05 2008 09:55 AM
-
This topic is locked
12 replies to this topic
#1
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 05 June 2008 - 09:55 AM
Register to Remove
#2
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 05 June 2008 - 12:01 PM
Please Help!!!! Cockroach starts to appear on the screen.......... Thanks in Advance!!!!!
#3
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 06 June 2008 - 08:07 AM
No one wants to help me?? Am I doing something wrong??? Please advise.....
#4
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 09 June 2008 - 08:17 AM
I have Dell Window XP and realized there are others on this forum that has the same problem. Can someone please help?
#5
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 12 June 2008 - 05:43 AM
Hi, and Welcome to WhatTheTech 
My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
Sorry about the delay in responding
If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.
Then I will analyze your log and sort out a fix for you
Also please describe how your computer behaves at the moment.
I need to see another log from HijackThis.
My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Sorry about the delay in responding
If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.
Then I will analyze your log and sort out a fix for you
Also please describe how your computer behaves at the moment.
I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your in your next post.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#6
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 12 June 2008 - 10:03 AM
Thank You for the reply!!!!!
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
Verizon Online DSL
Viewpoint Manager (Remove Only)
VobSub v2.23 (Remove Only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
x264 Revision 333 x264.nl (remove only)
XviD Video Codec 24.2.2003-11:00 (uManiac's build)
#7
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 12 June 2008 - 10:14 AM
Hi, you seem to be missing most of your uninstall list there, please could you try and post it again?
Also, I need to see the main log from HijackThis - please click "Do A System Scan And Save a Logfile" and post the resulting log.
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#8
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 12 June 2008 - 10:22 PM
Malwarebytes' Anti-Malware 1.14
Database version: 824
12:45:44 2008-06-04
mbam-log-6-4-2008 (12-45-44).txt
Scan type: Quick Scan
Objects scanned: 36812
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 14
Files Infected: 22
Memory Processes Infected:
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphc32hj0e15a.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\How to register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\License Agreement.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Uninstall.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysrest32.exe (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\HingWah\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphc32hj0e15a.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://webbroker10..../logonForm.asp"); (C:\Documents and Settings\HINGWAH\Application Data\Mozilla\Profiles\default\6sj4dmyl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HINGWAH\Application Data\Mozilla\Profiles\default\6sj4dmyl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphc32hj0e15a] C:\WINDOWS\system32\lphc32hj0e15a.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7136 bytes
I did both all over again. Thank you and keep me advise please!!
Database version: 824
12:45:44 2008-06-04
mbam-log-6-4-2008 (12-45-44).txt
Scan type: Quick Scan
Objects scanned: 36812
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 14
Files Infected: 22
Memory Processes Infected:
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\HingWah\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphc32hj0e15a.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\How to register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\License Agreement.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Uninstall.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysrest32.exe (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\HingWah\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphc32hj0e15a.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://webbroker10..../logonForm.asp"); (C:\Documents and Settings\HINGWAH\Application Data\Mozilla\Profiles\default\6sj4dmyl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HINGWAH\Application Data\Mozilla\Profiles\default\6sj4dmyl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphc32hj0e15a] C:\WINDOWS\system32\lphc32hj0e15a.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7136 bytes
I did both all over again. Thank you and keep me advise please!!
#9
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 14 June 2008 - 10:19 AM
Hi
Identity Theft
It looks like you have been infected by a few Backdoor Trojans.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.
More information on Remote Access Trojans can be found here.
I suggest you do the following immediately:
If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can help you clean your computer to the best of my abilities. I must remind you that i cannot guarantee that your computer will be completely clean afterwards since we have no way of knowing what has been done to it.
To help you make your decision, here are a few related articles that i suggest you read:
Should you have any questions, please feel free to ask.
Please let me know what you decide to do in your next post.
Thanks.
Identity Theft
It looks like you have been infected by a few Backdoor Trojans.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.
More information on Remote Access Trojans can be found here.
I suggest you do the following immediately:
- Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
- From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
- DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can help you clean your computer to the best of my abilities. I must remind you that i cannot guarantee that your computer will be completely clean afterwards since we have no way of knowing what has been done to it.
To help you make your decision, here are a few related articles that i suggest you read:
- Danger: Remote Access Trojans.
- When should I re-format? How should I reinstall?
- How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?
Should you have any questions, please feel free to ask.
Please let me know what you decide to do in your next post.
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#10
BlueRuby
-
- New Member
-
- 7 posts
New Member
Posted 14 June 2008 - 11:46 AM
???? How do I get something like that????? I dont run a company or anthing like that..... I havent log on to any credit cards sites or anything like that since it has been infected , you think Im still in danger of idenity theft? Thanks
#11
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 14 June 2008 - 01:10 PM
If you don't use this computer for online banking (or similar) at all, then you may be safe from identity theft. If you wish to attempt to clean this computer, then we can do so, but we cannot guarantee that your computer will be fully clean as anything could be done to it while it is compromised.
You mention that you haven't used any banking related sites since you found out you were infected, but have you used any before you knew you were infected? The infection could have already been present and lurking, without giving you the full symptoms.
I would still recommend that you change you passwords for things like email, paypal and anything else that you consider a slight risk if it was compromised (do this from a different computer).
Let me know what you want to do.
Thanks.
You mention that you haven't used any banking related sites since you found out you were infected, but have you used any before you knew you were infected? The infection could have already been present and lurking, without giving you the full symptoms.
I would still recommend that you change you passwords for things like email, paypal and anything else that you consider a slight risk if it was compromised (do this from a different computer).
Let me know what you want to do.
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#12
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 17 June 2008 - 03:48 PM
Hi, have you come to a decision on this one?
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#13
Trevuren
-
- Authentic Member
-
- 8,632 posts
Teacher Emeritus
- Interests:Woodworking
Posted 20 June 2008 - 09:58 AM
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log
Microsoft MVP Consumer Security 2008 - 2009
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Proud graduate of TC/WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
