Tech Support banner

Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter #1
I got all kinds of pop-up ads(looks like it's monitoring me what i am surfing) from unknown websites. I tried using mozilla javescript block(extensions), google bar and adaware SE to block, to delete it but still no luck. I ran out of option and have no clue how to fix it. U r my last hope or i have to reinstall the whole thing.

here is my hijack logfile and thx in advance for helping me
Logfile of HijackThis v1.99.1
Scan saved at 12:43:51 AM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Download\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...exterior_360.html?load=overRide&noreloadredir
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119902474390
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/can_ver10.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9BE1C2B-5884-4DA7-9D50-88FE51BE718A}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\q4rq0e95eh.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Also, it automatically open a browser to the ad sites, even if i closed all the browser.

thank you once again
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.



With HiJackThis & place a check next to these items and select "Fix checked":

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...e&noreloadredir
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {9AE283A5-DF43-4C83-B6AA-7EBDBDB0204A} (VacPro.canada_ver10) - http://advnt01.com/dialer/can_ver10.CAB




Reboot your computer into Safe Mode.
Restart your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.



Launch SpySweeper & configure it as followed:
  • From the left pane, click Options
  • Select the Sweep Options tab & ensure the following are ticked:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All Users accounts
    • Do Not Sweep System Restore Folder
    • Enable Direct Disk Sweeping
    • Sweep For Rootkits
  • After that's done, select Sweep from the left pane & click on the Start button
  • Allow Spysweeper to reboot your machine to remove the infected files.
After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HJT log.


## IMPORTANT

# disconnect your computer from the internet before you begin scanning.
# close all unnecessary programs before starting
# do not use your computer as you scan.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #3
Thank you once again. I can't thank you enough for this quick response and quick fix. you guys are amazing. I haven't had any annoying pop-up ads anymore. lucky that i found this site, otherwise i would have to reinstall windows.

here is the logfile of spy sweeper
********
3:37 AM: | Start of Session, Wednesday, October 26, 2005 |
3:37 AM: Spy Sweeper started
3:37 AM: Sweep initiated using definitions version 561
3:37 AM: Starting Memory Sweep
3:38 AM: Found Adware: icannnews
3:38 AM: Detected running threat: C:\WINDOWS\system32\hr8605lse.dll (ID = 83)
3:38 AM: Detected running threat: C:\WINDOWS\system32\ckgbkend.dll (ID = 83)
3:38 AM: Memory Sweep Complete, Elapsed Time: 00:01:00
3:38 AM: Starting Registry Sweep
3:38 AM: Found System Monitor: sc-keylog
3:38 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
3:38 AM: Found Adware: targetsoft
3:38 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
3:38 AM: Found Adware: targetsaver
3:38 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 143608)
3:38 AM: Found Adware: ist sidefind
3:38 AM: HKU\WRSS_Profile_S-1-5-21-1275210071-854245398-725345543-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
3:38 AM: HKU\WRSS_Profile_S-1-5-21-1275210071-854245398-725345543-1003\software\tsl2\ (1 subtraces) (ID = 143616)
3:38 AM: Found Adware: findthewebsiteyouneed hijacker
3:38 AM: HKU\WRSS_Profile_S-1-5-21-1275210071-854245398-725345543-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
3:38 AM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
3:38 AM: Registry Sweep Complete, Elapsed Time:00:00:11
3:38 AM: Starting Cookie Sweep
3:38 AM: Found Spy Cookie: adlegend cookie
3:38 AM: [email protected][2].txt (ID = 2074)
3:38 AM: Found Spy Cookie: hbmediapro cookie
3:38 AM: [email protected][2].txt (ID = 2768)
3:38 AM: Found Spy Cookie: ads.stileproject cookie
3:38 AM: [email protected][1].txt (ID = 2127)
3:38 AM: Found Spy Cookie: ask cookie
3:38 AM: [email protected][1].txt (ID = 2245)
3:38 AM: Found Spy Cookie: howstuffworks cookie
3:38 AM: [email protected][1].txt (ID = 2806)
3:38 AM: Found Spy Cookie: 360i cookie
3:38 AM: [email protected][1].txt (ID = 1962)
3:38 AM: Found Spy Cookie: wtlive.com cookie
3:38 AM: [email protected][2].txt (ID = 3700)
3:38 AM: [email protected][1].txt (ID = 2806)
3:38 AM: [email protected][1].txt (ID = 2805)
3:38 AM: Found Spy Cookie: nextag cookie
3:38 AM: [email protected][1].txt (ID = 5014)
3:38 AM: Found Spy Cookie: tvguide cookie
3:38 AM: [email protected][2].txt (ID = 3600)
3:38 AM: Found Spy Cookie: paypopup cookie
3:38 AM: [email protected][1].txt (ID = 3119)
3:38 AM: Found Spy Cookie: rn11 cookie
3:38 AM: [email protected][2].txt (ID = 3261)
3:38 AM: [email protected][1].txt (ID = 3600)
3:38 AM: [email protected][1].txt (ID = 2806)
3:38 AM: [email protected][1].txt (ID = 3600)
3:38 AM: Found Spy Cookie: servlet cookie
3:38 AM: [email protected][1].txt (ID = 3345)
3:38 AM: [email protected][3].txt (ID = 3345)
3:38 AM: Found Spy Cookie: [email protected] cookie
3:38 AM: [email protected][2].txt (ID = 3367)
3:38 AM: [email protected][2].txt (ID = 3599)
3:38 AM: Found Spy Cookie: myaffiliateprogram.com cookie
3:38 AM: [email protected][2].txt (ID = 3032)
3:38 AM: Found Spy Cookie: xiti cookie
3:38 AM: [email protected][1].txt (ID = 3717)
3:38 AM: Found Spy Cookie: yieldmanager cookie
3:38 AM: [email protected][1].txt (ID = 3749)
3:38 AM: [email protected][2].txt (ID = 3751)
3:38 AM: Found Spy Cookie: pointroll cookie
3:38 AM: [email protected][2].txt (ID = 3148)
3:38 AM: Found Spy Cookie: atlas dmt cookie
3:38 AM: [email protected][2].txt (ID = 2253)
3:38 AM: Found Spy Cookie: bluestreak cookie
3:38 AM: [email protected][1].txt (ID = 2314)
3:38 AM: Found Spy Cookie: overture cookie
3:38 AM: [email protected][1].txt (ID = 3106)
3:38 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3:38 AM: Starting File Sweep
3:39 AM: Found Adware: look2me
3:39 AM: icont.exe (ID = 65722)
3:40 AM: Found Adware: quicklink search toolbar
3:40 AM: preuninstallql.exe (ID = 131326)
3:40 AM: Found Adware: sp2ms
3:40 AM: msresearch.exe (ID = 148760)
3:41 AM: Found Adware: isearch desktop search
3:41 AM: command.exe (ID = 144946)
3:41 AM: sp2update00.exe (ID = 148759)
3:47 AM: Found Adware: 7adpower
3:47 AM: backup-20051026-033240-161.dll (ID = 48430)
3:47 AM: backup-20051026-033240-161.inf (ID = 48429)
3:51 AM: File Sweep Complete, Elapsed Time: 00:12:45
3:51 AM: Full Sweep has completed. Elapsed time 00:14:05
3:51 AM: Traces Found: 53
3:54 AM: Removal process initiated
3:54 AM: Quarantining All Traces: look2me
3:54 AM: Quarantining All Traces: sc-keylog
3:54 AM: Quarantining All Traces: 7adpower
3:54 AM: Quarantining All Traces: findthewebsiteyouneed hijacker
3:54 AM: Quarantining All Traces: icannnews
3:54 AM: icannnews is in use. It will be removed on reboot.
3:54 AM: C:\WINDOWS\system32\hr8605lse.dll is in use. It will be removed on reboot.
3:54 AM: C:\WINDOWS\system32\ckgbkend.dll is in use. It will be removed on reboot.
3:54 AM: Quarantining All Traces: isearch desktop search
3:54 AM: Quarantining All Traces: ist sidefind
3:54 AM: Quarantining All Traces: quicklink search toolbar
3:54 AM: Quarantining All Traces: sp2ms
3:54 AM: Quarantining All Traces: targetsaver
3:54 AM: Quarantining All Traces: targetsoft
3:54 AM: Quarantining All Traces: 360i cookie
3:54 AM: Quarantining All Traces: adlegend cookie
3:54 AM: Quarantining All Traces: ads.stileproject cookie
3:54 AM: Quarantining All Traces: ask cookie
3:54 AM: Quarantining All Traces: atlas dmt cookie
3:54 AM: Quarantining All Traces: bluestreak cookie
3:54 AM: Quarantining All Traces: hbmediapro cookie
3:55 AM: Quarantining All Traces: howstuffworks cookie
3:55 AM: Quarantining All Traces: myaffiliateprogram.com cookie
3:55 AM: Quarantining All Traces: nextag cookie
3:55 AM: Quarantining All Traces: overture cookie
3:55 AM: Quarantining All Traces: paypopup cookie
3:55 AM: Quarantining All Traces: pointroll cookie
3:55 AM: Quarantining All Traces: rn11 cookie
3:55 AM: Quarantining All Traces: servlet cookie
3:55 AM: Quarantining All Traces: [email protected] cookie
3:55 AM: Quarantining All Traces: tvguide cookie
3:55 AM: Quarantining All Traces: wtlive.com cookie
3:55 AM: Quarantining All Traces: xiti cookie
3:55 AM: Quarantining All Traces: yieldmanager cookie
3:55 AM: Preparing to restart your computer. Please wait...
3:55 AM: Removal process completed. Elapsed time 00:01:09
********
3:28 AM: | Start of Session, Wednesday, October 26, 2005 |
3:28 AM: Spy Sweeper started
3:29 AM: Your spyware definitions have been updated.


hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:00:04 AM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
E:\Download\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119902474390
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9BE1C2B-5884-4DA7-9D50-88FE51BE718A}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

P.S. i am wondering do you guys still accept any volunteer, although, i am not as good as you guys, with proper training i believe i could shoulder some of your load.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
P.S. i am wondering do you guys still accept any volunteer,
You can read about joining our fight against malware in 1st page of this forum. Admission is free but commitment is priceless.


Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close all other opened programs before running this tool

From within the newly created folder, locate & run L2mfix.bat
Select option #2 - Run Fix - by typing 2

Press any key to reboot your computer.
After the reboot, your Desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, you will be presented with a log. Save the contents of that log as I shall require you to post it in your next reply after completing the fix.

DO NOT RUN ANY OTHER FILES IN THE L2MFIX FOLDER UNLESS INSTRUCTED

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Then, perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top