Hello - thank you so much for the helpful service and information.
My computer is a Dell Laptop running Windows XP. Until a few days ago I did not have a virus or spyware protector.
I have been dealing with multiple spyware infections and viruses over the last few days. Specifically:
I have bugs on the screen and the blue and yellow desktop "Warning - spyware has been detected on your PC" message.
Malware Protector 2008 downloaded itself, but I think I was able to remove it.
XP Virus Protector pops up constantly.
A red box entitled "Windows Security Center Warning" pops up constantly.
I now have folders on my desktop entitled "CP Illegal Content" and "BDSM Galleries".
My taskbar is disabled and I was unable to remove the "disable taskbar" file from the registry - it popped back up each time I removed it.
I have gone through the five steps you recommend with some success, though it has taken me many hours to do so, since my computer is extremely slow and freezes often. It is better with Firefox but some of the downloads require Internet Explorer.
I was not able to complete the Panda Scan - my system would freeze at the end each time.
I downloaded purchased versions of Spyware Doctor and Spyhunter when I first encountered these problems. As recommended, I uninstalled Spyhunter. I was unable to disable Spyware Doctor for the entire 5-step process because the pop-ups and infections would multiply, making it impossible to do anything. Disabling it temporarily resulted in the porn folders mentioned above.
Here is the main.txt data from Deckard:
Deckard's System Scanner v20071014.68
Run by Jaimee on 2008-06-15 20:21:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
-- Last 5 Restore Point(s) --
23: 2008-06-15 05:00:53 UTC - RP94 - Pre Virus
22: 2008-06-14 02:38:09 UTC - RP93 - Removed Google Toolbar for Internet Explorer
21: 2008-06-14 02:29:39 UTC - RP92 - Removed MyWay Search Assistant
20: 2008-06-14 02:24:55 UTC - RP91 - Removed Get High Speed Internet!
19: 2008-06-14 02:17:35 UTC - RP90 - Removed Bonjour
-- First Restore Point --
1: 2008-06-10 02:28:52 UTC - RP72 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 248 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-15 20:26:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\444.470
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcgtoj0er8a.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AXPDefender\AXPDefender.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\Jaimee\Application Data\xucls.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\msoupdater.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jaimee\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - win.ini: run=C:\WINDOWS\system32\winupdate.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: {fbe3d7b4-18b6-18fb-9124-c5ca7ba03251} - {15230ab7-ac5c-4219-bf81-6b814b7d3ebf} - C:\WINDOWS\system32\ltrnkpmg.dll
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AF962AE6-7744-4090-877A-3C347E48BC8D} - C:\WINDOWS\system32\yayvTjiH.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [lphcgtoj0er8a] C:\WINDOWS\system32\lphcgtoj0er8a.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SMshcntoj0er8a] C:\Program Files\shcntoj0er8a\shcntoj0er8a.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmie.exe] C:\WINDOWS\system32\kdmie.exe
O4 - HKLM\..\Run: [BM974e9cfa] Rundll32.exe "C:\WINDOWS\system32\emjdgyyh.dll",s
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\Jaimee\Application Data\xucls.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [msoupdater] C:\WINDOWS\msoupdater.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jrwnw64o.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKCU)
O20 - Winlogon Notify: cbXNEXOE - C:\WINDOWS\system32\cbXNEXOE.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE
--
End of file - 11534 bytes
-- File Associations -----------------------------------------------------------
.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 tcpipp - c:\windows\system32\drivers\tcpipp.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 sysrest.sys - c:\windows\system32\sysrest.sys
S3 TnIDriver - c:\docume~1\jaimee\locals~1\temp\tni22.tmp (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-14 21:51:58 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-15 and 2008-06-15 -----------------------------
2008-06-15 19:21:45 0 d-------- C:\ie-spyad_zo
2008-06-15 19:08:21 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-15 19:08:17 0 d-------- C:\Program Files\SpywareBlaster
2008-06-15 18:42:49 0 d-------- C:\WINDOWS\LastGood
2008-06-15 14:12:01 0 d-------- C:\Program Files\Panda Security
2008-06-15 14:03:40 255488 --a------ C:\WINDOWS\system32\winsrc.dll
2008-06-15 14:03:33 59392 --a------ C:\WINDOWS\system32\ieupdates.exe
2008-06-15 14:03:31 59392 --a------ C:\WINDOWS\system32\update32.exe
2008-06-15 13:59:18 242176 --a------ C:\WINDOWS\system32\wscmp.dll
2008-06-15 13:57:31 118784 --a------ C:\WINDOWS\msoupdater.exe <MSOUPD~1.EXE>
2008-06-15 13:54:16 39936 --a------ C:\WINDOWS\system32\drivers\svchost.exe
2008-06-15 13:48:54 0 d-------- C:\Documents and Settings\Jaimee\Application Data\AXPDefender
2008-06-15 11:56:13 0 d-------- C:\Program Files\AXPDefender
2008-06-15 01:43:11 24832 --a------ C:\WINDOWS\window.exe
2008-06-15 01:43:10 17920 --a------ C:\WINDOWS\svchost32.exe <SVCHOS~1.EXE>
2008-06-15 01:43:10 11264 --a------ C:\WINDOWS\rundll16.exe
2008-06-15 01:43:10 8960 --a------ C:\WINDOWS\quicken.exe
2008-06-15 01:43:10 26368 --a------ C:\WINDOWS\notepad32.exe <NOTEPA~1.EXE>
2008-06-15 01:43:09 22784 --a------ C:\WINDOWS\msupdate.exe
2008-06-15 01:43:09 20992 --a------ C:\WINDOWS\mssys.exe
2008-06-15 01:43:08 27648 --a------ C:\WINDOWS\msconfd.dll
2008-06-15 01:43:08 29440 --a------ C:\WINDOWS\internet.exe
2008-06-15 01:43:07 9472 --a------ C:\WINDOWS\iexplorer.exe <IEXPLO~1.EXE>
2008-06-15 01:43:07 14592 --a------ C:\WINDOWS\iedll.exe
2008-06-15 01:43:07 11520 --a------ C:\WINDOWS\editpad.exe
2008-06-14 23:19:45 0 d---s---- C:\Documents and Settings\Jodi\Cookies
2008-06-14 23:19:45 0 dr-h----- C:\Documents and Settings\Jodi\Application Data
2008-06-14 23:19:45 0 d-------- C:\Documents and Settings\Jodi\Application Data\Symantec
2008-06-14 23:19:45 0 d-------- C:\Documents and Settings\Jodi\Application Data\Sun
2008-06-14 23:19:45 0 d---s---- C:\Documents and Settings\Jodi\Application Data\Microsoft
2008-06-14 23:19:45 0 d-------- C:\Documents and Settings\Jodi\Application Data\Jasc Software Inc
2008-06-14 23:19:45 0 d-------- C:\Documents and Settings\Jodi\Application Data\Identities
2008-06-14 23:19:44 0 d--h----- C:\Documents and Settings\Jodi\Templates
2008-06-14 23:19:44 0 dr------- C:\Documents and Settings\Jodi\Start Menu
2008-06-14 23:19:44 0 dr-h----- C:\Documents and Settings\Jodi\SendTo
2008-06-14 23:19:44 0 dr-h----- C:\Documents and Settings\Jodi\Recent
2008-06-14 23:19:44 0 d--h----- C:\Documents and Settings\Jodi\PrintHood
2008-06-14 23:19:44 786432 --ah----- C:\Documents and Settings\Jodi\NTUSER.DAT
2008-06-14 23:19:44 0 d--h----- C:\Documents and Settings\Jodi\NetHood
2008-06-14 23:19:44 0 dr------- C:\Documents and Settings\Jodi\My Documents
2008-06-14 23:19:44 0 d--h----- C:\Documents and Settings\Jodi\Local Settings
2008-06-14 23:19:44 0 dr------- C:\Documents and Settings\Jodi\Favorites
2008-06-14 23:19:44 0 d-------- C:\Documents and Settings\Jodi\Desktop
2008-06-14 22:29:51 52736 --a------ C:\WINDOWS\system32\blphcgtoj0er8a.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-14 22:05:31 81408 --a------ C:\WINDOWS\system32\glhmxtxk.dll
2008-06-14 22:03:49 98816 --a------ C:\WINDOWS\system32\ltrnkpmg.dll
2008-06-14 22:03:18 90112 --a------ C:\WINDOWS\system32\emjdgyyh.dll
2008-06-14 22:00:28 15328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-06-14 00:12:36 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-13 23:18:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-13 22:29:08 0 d-------- C:\Program Files\Enigma Software Group
2008-06-13 21:29:30 0 --ahs---- C:\Documents and Settings\Jaimee\Application Data\0048532c7b08b38ae23279bed5630d44def499b2a00ba1e2bc.dat
2008-06-13 21:27:07 0 d-------- C:\Documents and Settings\Jaimee\Application Data\Zinaps2008
2008-06-13 21:25:04 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-13 21:16:53 14336 --a------ C:\Documents and Settings\Jaimee\Application Data\xucls.exe
2008-06-13 19:15:25 0 d-------- C:\Documents and Settings\Jaimee\Application Data\shcntoj0er8a
2008-06-13 17:49:03 0 d-------- C:\Documents and Settings\Jaimee\Application Data\Mozilla
2008-06-13 17:26:46 52736 --a------ C:\WINDOWS\system32\yayvUKax.dll
2008-06-13 17:03:58 89088 --a------ C:\WINDOWS\system32\wwkvkprw.dll
2008-06-13 09:05:04 95232 --a------ C:\WINDOWS\b152.exe
2008-06-09 22:17:59 0 d-------- C:\Documents and Settings\Jaimee\Application Data\Google
2008-06-09 21:43:31 91648 --a------ C:\WINDOWS\system32\uakqingj.dll
2008-06-09 21:28:39 720067 --ahs---- C:\WINDOWS\system32\HijTvyay.ini2
2008-06-09 21:27:59 347136 -----n--- C:\WINDOWS\system32\yayvTjiH.dll
2008-06-09 21:10:12 0 d-------- C:\WINDOWS\system32\1510
2008-06-09 21:09:24 55808 --a------ C:\WINDOWS\portsv.exe
2008-06-09 21:09:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 21:03:54 0 d-------- C:\Program Files\Spyware Doctor
2008-06-09 21:03:54 0 d-------- C:\Documents and Settings\Jaimee\Application Data\PC Tools
2008-06-09 21:03:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-09 21:01:56 0 d-------- C:\Program Files\Google
2008-06-09 20:38:08 0 d---s---- C:\Documents and Settings\Jaimee\UserData
2008-06-09 20:25:02 92160 --a------ C:\WINDOWS\system32\lphcgtoj0er8a.exe
2008-06-09 20:21:20 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-06-09 20:20:38 298316 --a------ C:\WINDOWS\system32\gside.exe
2008-06-09 20:13:33 24832 --a------ C:\WINDOWS\y.exe
2008-06-09 20:13:33 26112 --a------ C:\WINDOWS\xplugin.dll
2008-06-09 20:13:32 30720 --a------ C:\WINDOWS\x.exe
2008-06-09 20:13:31 31744 --a------ C:\WINDOWS\winmgnt.exe
2008-06-09 20:13:30 23552 --a------ C:\WINDOWS\winajbm.dll
2008-06-09 20:13:30 11776 --a------ C:\WINDOWS\win64.exe
2008-06-09 20:13:30 18432 --a------ C:\WINDOWS\win32e.exe
2008-06-09 20:13:30 9472 --a------ C:\WINDOWS\waol.exe
2008-06-09 20:13:30 15616 --a------ C:\WINDOWS\users32.exe
2008-06-09 20:13:29 12032 --a------ C:\WINDOWS\time.exe
2008-06-09 20:13:29 23808 --a------ C:\WINDOWS\systemcritical.exe <SYSTEM~1.EXE>
2008-06-09 20:13:29 31232 --a------ C:\WINDOWS\systeem.exe
2008-06-09 20:13:28 23296 --a------ C:\WINDOWS\svcinit.exe
2008-06-09 20:13:27 32512 --a------ C:\WINDOWS\sistem.exe
2008-06-09 20:13:26 11520 --a------ C:\WINDOWS\searchword.dll <SEARCH~1.DLL>
2008-06-09 20:13:25 30208 --a------ C:\WINDOWS\qttasks.exe
2008-06-09 20:13:24 15360 --a------ C:\WINDOWS\olehelp.exe
2008-06-09 20:13:23 32512 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-09 20:13:23 30208 --a------ C:\WINDOWS\mswsc20.dll
2008-06-09 20:13:22 15872 --a------ C:\WINDOWS\mswsc10.dll
2008-06-09 20:13:21 29696 --a------ C:\WINDOWS\msspi.dll
2008-06-09 20:13:20 30976 --a------ C:\WINDOWS\loader.exe
2008-06-09 20:13:19 8704 --a------ C:\WINDOWS\inetinf.exe
2008-06-09 20:13:18 26624 --a------ C:\WINDOWS\helpcvs.exe
2008-06-09 20:13:18 13312 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-09 20:13:17 19968 --a------ C:\WINDOWS\funny.exe
2008-06-09 20:13:17 21504 --a------ C:\WINDOWS\funniest.exe
2008-06-09 20:13:17 23040 --a------ C:\WINDOWS\explorer32.exe <EXPLOR~1.EXE>
2008-06-09 20:13:16 18176 --a------ C:\WINDOWS\explore.exe
2008-06-09 20:13:16 22528 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-09 20:13:16 9216 --a------ C:\WINDOWS\directx32.exe <DIRECT~1.EXE>
2008-06-09 20:13:15 29440 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-09 20:13:15 19968 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-09 20:13:15 18176 --a------ C:\WINDOWS\cpan.dll
2008-06-09 20:13:14 14592 --a------ C:\WINDOWS\clrssn.exe
2008-06-09 20:13:14 16128 --a------ C:\WINDOWS\avpcc.dll
2008-06-09 20:13:14 25856 --a------ C:\WINDOWS\accesss.exe
2008-06-09 20:09:31 347136 --a------ C:\WINDOWS\system32\ljJDSmJa.dll
2008-06-09 20:08:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-06-09 20:07:43 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-06-09 20:07:18 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-09 20:06:18 0 d-------- C:\Documents and Settings\Jaimee\Application Data\?icrosoft
2008-06-09 20:05:24 52736 --a------ C:\WINDOWS\system32\geBuVOEu.dll
2008-06-09 20:04:59 200778 --a------ C:\WINDOWS\system32\pcntskdm.exe
2008-06-09 20:04:52 401975 --a------ C:\WINDOWS\system32\g94.exe
2008-06-09 20:04:50 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-06-09 20:04:26 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-09 20:04:15 0 d--hs---- C:\WINDOWS\SmFpbWVl
2008-06-09 20:04:12 87513 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-09 20:04:12 87513 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-09 20:03:57 86144 --a------ C:\WINDOWS\system32\drivers\tcpipp.sys
2008-06-09 20:03:48 0 d-------- C:\WINDOWS\system32\xnet2
2008-06-09 20:03:48 0 d-------- C:\WINDOWS\system32\tz
2008-06-09 20:03:48 0 d-------- C:\WINDOWS\system32\brem
2008-06-09 20:03:48 0 d-------- C:\WINDOWS\system32\3057
2008-06-09 20:03:30 0 d-------- C:\WINDOWS\system32\vntiho01
2008-06-09 20:03:30 0 d-------- C:\Temp
2008-06-09 19:58:45 0 d-------- C:\WINDOWS\Sun
2008-05-26 20:30:14 0 d-------- C:\WINDOWS\system32\824223
2008-05-20 07:09:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-20 07:07:24 0 d-------- C:\Program Files\Dell Support Center
2008-05-20 07:06:41 0 d-------- C:\Program Files\Common Files\supportsoft
2008-05-19 20:48:08 0 d-------- C:\Documents and Settings\Jaimee\Application Data\Apple Computer
2008-05-19 20:47:02 0 d-------- C:\Program Files\iPod
2008-05-19 20:46:40 0 d-------- C:\Program Files\iTunes
2008-05-19 20:44:15 0 d-------- C:\Program Files\QuickTime
2008-05-19 20:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 20:35:09 0 d-------- C:\Program Files\Apple Software Update
2008-05-19 20:32:55 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-19 20:30:57 0 d-------- C:\Program Files\Common Files\Apple
2008-05-19 20:30:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 22:57:47 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 22:55:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 22:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-16 22:47:36 0 d-------- C:\Program Files\Netflix
-- Find3M Report ---------------------------------------------------------------
2008-06-14 00:12:36 0 d-------- C:\Program Files\Common Files
2008-06-13 21:55:07 33 --a------ C:\Documents and Settings\Jaimee\Application Data\install.ini
2008-06-09 22:10:40 0 d-------- C:\Documents and Settings\Jaimee\Application Data\?icrosoft
2008-05-20 19:50:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-20 19:49:04 0 d-------- C:\Program Files\Symantec
2008-05-19 21:44:03 0 d-------- C:\Program Files\Common Files\AOL
2008-05-12 05:43:37 68096 --a------ C:\WINDOWS\b155.exe
2008-05-02 23:25:05 0 d-------- C:\Documents and Settings\Jaimee\Application Data\Viewpoint
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
06/15/2008 02:03 PM 255488 --a------ C:\WINDOWS\system32\winsrc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15230ab7-ac5c-4219-bf81-6b814b7d3ebf}]
06/14/2008 10:03 PM 98816 --a------ C:\WINDOWS\system32\ltrnkpmg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF962AE6-7744-4090-877A-3C347E48BC8D}]
06/09/2008 09:28 PM 347136 --------- C:\WINDOWS\system32\yayvTjiH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 04:33 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 03:02 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 03:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 05:48 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 08:15 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 08:50 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 08:50 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/18/2005 06:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"lphcgtoj0er8a"="C:\WINDOWS\system32\lphcgtoj0er8a.exe" [06/09/2008 08:25 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"SMshcntoj0er8a"="C:\Program Files\shcntoj0er8a\shcntoj0er8a.exe" []
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [06/05/2008 10:58 AM]
"C:\WINDOWS\system32\kdmie.exe"="C:\WINDOWS\system32\kdmie.exe" [08/04/2004 05:00 AM]
"BM974e9cfa"="C:\WINDOWS\system32\emjdgyyh.dll" [06/14/2008 10:03 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"Microsoft Windows Adapter 5.1.3214"="C:\Documents and Settings\Jaimee\Application Data\xucls.exe" [06/13/2008 09:14 PM]
"SVCHOST.EXE"="C:\WINDOWS\system32\drivers\svchost.exe" [06/15/2008 01:54 PM]
"msoupdater"="C:\WINDOWS\msoupdater.exe" [06/15/2008 01:57 PM]
"ieupdate"="C:\WINDOWS\system32\ieupdates.exe" [06/15/2008 02:03 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"NoIE4StubProcessing"=C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdmie.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNEXOE]
cbXNEXOE.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayvTjiH
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca76d7f5-1444-11da-9885-00038a000015}]
AutoRun\command- E:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2008-06-15 20:36:10 ------------
The extra.txt file is attached.
Thank you - any assistance you can provide would be most appreciated.
Best,
J