|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
10-23-2007, 01:53 PM
|
#1 (permalink) | |
|
Registered User
Join Date: Oct 2007
Location: Shropshire
Posts: 7
OS: xp sp2
|
Unwanted popups
My daughter brought her computer round "daddyyyyy..." those of you with kids will recognise the tone of voice.
Random popups appearing while browsing. Running XP SP2, fully updated. Norton has expired. Used Norton removal tool. Loaded Avast - scanned - removed 12 viruses. Loaded Adaware SE - scanned - removed 210 potential threats. Followed steps 1 - 5. Note - Step 2 is a problem with Avast - I had to disable avast before Panda would run. Attached Panda report and Extra.txt as requested and main.txt pasted below. Panda reported 2 viruses, re-ran Avst and they werer detected and removed. Any advice appreciated. Allan Quote:
|
|
|
     |
|
10-23-2007, 03:52 PM
|
#2 (permalink) |
|
Registered User
Join Date: Oct 2007
Location: Shropshire
Posts: 7
OS: xp sp2
|
Avast and DSS / Active Scan
Just a heads up.
With Avast on my system Pandasoft Active Scan is rejected as a virus. Temporarily stop Avast (4.7) and it downloads and runs. Then downloaded DSS - no problems. Later re-enabled Avast and ran a virus scan and detected viruses / adware in Active Scan and DSS |
|
|
|
|
10-25-2007, 08:48 AM
|
#3 (permalink) |
|
Registered User
Join Date: Oct 2007
Location: Shropshire
Posts: 7
OS: xp sp2
|
Re: Unwanted popups - better but still a problem
did some more work on his. Loaded and ran SpybotSD
detected and removed Messenger Skinner, Pest Trap Spy Sheriff, SpywareBot, Spyware-Secure, Vario-Antivirus, LiveSVC.Wintrim. That has NEARLY fixed it. All unwanted popups have disappeared. However it still pops up a new blank IE window at random intervals, so I suspect the software that seeds the URI has gone, but the software that causes the popup is still present. re-ran Active scan - attached. New hijack log below Any ideas appreciated? Anyone know what boaciuh.exe is? Allan Deckard's System Scanner v20071014.68 Run by Helen on 2007-10-24 22:26:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Helen.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:26:40, on 24/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe D:\Documents and Settings\Helen\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Helen.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?b1ba3174a34d4744887ab0ea717d3d19 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?b1ba3174a34d4744887ab0ea717d3d19 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154427904140 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: F - Sysinternals - www.sysinternals.com - D:\DOCUME~1\Helen\LOCALS~1\Temp\F.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 10432 bytes -- Files created between 2007-09-24 and 2007-10-24 ----------------------------- 2007-10-24 22:19:09 0 --a------ C:\WINDOWS\system32\BIUVKITZ 2007-10-24 19:17:09 684377 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup> 2007-10-24 19:17:09 3440 --a------ C:\WINDOWS\unins000.dat 2007-10-24 19:09:09 0 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-23 20:29:59 0 d-------- C:\Program Files\Trend Micro 2007-10-23 20:28:37 0 d-------- D:\Deckard 2007-10-23 19:22:18 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-10-23 18:46:08 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-23 18:46:08 0 d-------- C:\Program Files\Lavasoft 2007-10-23 18:45:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-23 18:43:30 0 d-------- C:\Program Files\Alwil Software 2007-10-10 21:00:08 0 d-------- D:\Documents and Settings\Helen\Application Data\AntiSpyware -- Find3M Report --------------------------------------------------------------- 2007-10-24 22:22:34 12 --a------ C:\WINDOWS\bthservsdp.dat 2007-10-24 20:51:09 0 d-------- C:\Program Files\Windows Live Toolbar 2007-10-23 18:45:41 0 d-------- C:\Program Files\Common Files 2007-10-23 18:42:31 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-10-04 19:53:08 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-10-01 17:43:20 0 d-------- C:\Program Files\Google -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00] "SMSERIAL"="sm56hlpr.exe" [18/10/2005 12:14 C:\WINDOWS\sm56hlpr.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/04/2006 00:47] "nwiz"="nwiz.exe" [28/04/2006 00:47 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [28/04/2006 00:47] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 17:07 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [09/12/2005 16:49 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [20/07/2006 12:33] "Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [04/10/2004 13:03] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 06:15] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [] "PCMService"="c:\APPS\Powercinema\PCMService.exe" [23/02/2006 12:08] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 14:00] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [27/12/2005 11:32] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [27/12/2005 11:32] "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 14:00 C:\WINDOWS\system32\bthprops.cpl] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06] "boaciuh"="c:\windows\system32\boaciuh.exe" [23/10/2007 18:17] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 11:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [07/06/1999 11:11:18] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/07/2007 21:48:55] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer] C:\winstall.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4364425c-2136-11db-8124-806d6172696f}] AutoRun\command- E:\bootcd\wintools\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3c3afac-818c-11dc-a15a-00038a000015}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL techstick.exe -- End of Deckard's System Scanner: finished at 2007-10-24 22:27:02 ------------ Last edited by Ried : 10-25-2007 at 10:16 AM. Reason: removed quote tags for easier review |
|
|
|
|
10-25-2007, 10:24 AM
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
|
Re: Unwanted popups
Hello Allan and welcome,
Please do not post multiple threads for essentially the same issue. It's not unusual for AV programs to 'flag' tools that we use as they've yet to add them to their database whitelist. Avast will 'detect' Panda simply because Panda does not encrypt it's database. Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of those signatures (virus definition file). When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. Since Panda Antivirus does not encrypt (hide) its virus database, the signatures inside are clearly "visible" to other antiviral programs, and they end up detecting this file as infected (but there is actually no virus inside - only the signatures are the same). Now that we've begun, please do not do any more fixing on your end or it will only serve to make my job more difficult.  Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. *************************************************** Download Combofix and save it to your desktop. **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you at C:\ComboFix.txt, which I will need in your next reply for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall ------------------------------------------------------- Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click smitfraudfix.exe to start the tool.
Please include both reports in your next reply so we can continue.
__________________
 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Last edited by Ried : 10-25-2007 at 10:30 AM. |
|
|
|
|
10-25-2007, 12:45 PM
|
#5 (permalink) |
|
Registered User
Join Date: Oct 2007
Location: Shropshire
Posts: 7
OS: xp sp2
|
Re: Unwanted popups
From this point I am hands off.
Interesting to see combofic deleted the boaciuh.exe I spotted. Look forward to hearing from you further. I am keen to get this PC back up as my daughter needs access to her PhD thesis she is working on. However I am going away tomorrow, Friday, for a weekend break and will not be back until Snday evening UK time. Combofix Report ComboFix 07-10-25.4 - Helen 2007-10-25 19:35:24.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.566 [GMT 1:00] Running from: D:\Documents and Settings\Helen\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pack.epk C:\WINDOWS\system32\boaciuh.dat c:\windows\system32\boaciuh.exe c:\WINDOWS\system32\boaciuh_nav.dat c:\WINDOWS\system32\boaciuh_navps.dat D:\Documents and Settings\Helen\Application Data\install.dat D:\Documents and Settings\Helen\ResErrors.log . ((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 ))))))))))))))))))))))))))))))) . 2007-10-25 19:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-24 19:17 684,377 --a------ C:\WINDOWS\unins000.exe 2007-10-24 19:17 3,440 --a------ C:\WINDOWS\unins000.dat 2007-10-24 19:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-23 20:29 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-23 19:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-23 18:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-23 18:46 <DIR> d-------- C:\Program Files\Lavasoft 2007-10-23 18:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-23 18:43 <DIR> d-------- C:\Program Files\Alwil Software 2007-10-23 18:43 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-23 18:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-23 18:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-23 18:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-23 18:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-23 18:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-23 18:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-11 19:56 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-10 21:00 <DIR> d-------- D:\Documents and Settings\Helen\Application Data\AntiSpyware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-25 15:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-25 15:51 --------- d-----w C:\Program Files\Google 2007-10-24 19:51 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-23 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-04 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll 2007-08-22 13:12 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-22 13:12 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-22 13:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll 2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2006-08-14 21:27 73,440 ----a-w D:\Documents and Settings\Helen\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "SMSERIAL"="sm56hlpr.exe" [2005-10-18 12:14 C:\WINDOWS\sm56hlpr.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47] "nwiz"="nwiz.exe" [2006-04-28 00:47 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 00:47] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 C:\WINDOWS\RTHDCPL.exe] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-20 12:33] "Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15] "PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 12:08] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 11:32] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-12-27 11:32] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 21:48] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-12 21:48:55] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer] R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;C:\WINDOWS\system32\DRIVERS\NGSSLDrv.sys S3 F;F;D:\DOCUME~1\Helen\LOCALS~1\Temp\F.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3c3afac-818c-11dc-a15a-00038a000015}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL techstick.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-10-10 20:00:24 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job" - C:\Program Files\AntiSpywareApp\AntiSpyware.exe "2007-10-25 18:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" "2007-10-25 18:30:00 C:\WINDOWS\Tasks\Extended Warranty.job" - C:\APPS\SMP\PBCARNOT.EXE "2007-10-25 18:30:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job" - C:\Apps\SMP\MCDCHECK.EXE "2006-08-01 08:22:41 C:\WINDOWS\Tasks\Registration reminder 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-25 19:36:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-25 19:36:36 . --- E O F --- SmitFraud report SmitFraudFix v2.241 Scan done at 19:37:54.42, 25/10/2007 Run from D:\Documents and Settings\Helen\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» D:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Helen »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Helen\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Helen\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="about:Home" "SubscribedURL"="about:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport DNS Server Search Order: 10.0.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A4E8448-A854-4BF3-8314-3B81469A0AE1}: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A4E8448-A854-4BF3-8314-3B81469A0AE1}: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A4E8448-A854-4BF3-8314-3B81469A0AE1}: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Last edited by Ried : 10-25-2007 at 05:52 PM. Reason: removed quote tags for easier review |
|
|
|
|
10-25-2007, 05:59 PM
|
#7 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
|
Re: Unwanted popups
Hello Allan,
Thanks for that info.  All that remains are the cookies reported in your second Panda scan. Those are easily cleaned by clearing your cookies in IE. Launch Internet Explorer>Tools>Internet Options>Delete Cookies These logs are coming up clean now. Have the pop ups ceased? How is the system behaving? |
|
|
|
|
10-26-2007, 06:54 AM
|
#9 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
|
Re: Unwanted popups
Nice work, tsrplatelayer--you made my end nice an easy.  If there aren't any more problems, please continue with these final instructions and helpful links: Reset hidden/system files and folders Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Ensure Windows Auto Update is Enabled *Go to Start>Run - type wuaucpl.cpl *Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will flush out previous restore points (which contain the infections) and create a new restore point. ************************************************************************************** To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 3.5.1 to help prevent s |
