January 19th, 2007 23:00

Hello Sarah,

Sorry for the delay in response. Everyone who helps out here is a volunteer and sometimes there are just not enough available to keep up with demand.

Your HijackThis log appears to be incomplete. It also shows that you are running a completely unpatched version of Windows XP. This is dangerous because you are missing many security patches and fixes contained in SP1, SP2 and subsequent updates.

Please do the following:

Click "Start" => "Run".
Type "MSConfig" (without the quotes), into the Open drop-down box.
Click "OK".
Select "Normal Startup - load all device drivers and services".
Click "Apply" => "OK".
Reboot normally.

Please do an online scan with Kaspersky Online Scanner:
You will be prompted to install an ActiveX component from Kaspersky:
Click Yes.
Mozilla Firefox does not support ActiveX. You must use Internet Explorer for this scan.
  • Program will launch and then download the latest definition files.
  • Once the scanner and definitions are installed: Click Next.
  • Click Scan Settings
  • Make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Under select a target to scan:
  • Select My Computer
  • The scan will take a while so be patient and let it run.
  • When the scan is complete you'll see a list of any infections that were found.
  • Click the Save as Text button
  • Save file to your desktop.

Please run a new HijackThis scan. DO NOT re-enable Selective Startup. To effectively check out your system, we need the listing of all services and programs. Selective Startup does not provide this.

In your next reply please include the following:
  • The results of the Kaspersky online scan.
  • Your new HijackThis log. :smileyhappy:
SpotCheckBilly

3 Posts

January 22nd, 2007 00:00

Hi Bill,
 
Thanks for the help! I tried to do a Kaspersky scan 3x and each time the scan stopped (for 5-24 hours) on one System Restore file. I did do another HijackThis scan. Here it is.
Thanks again,
Sarah
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 12:03:15 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Hijackthis\H.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168396910436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168877644455
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

January 22nd, 2007 23:00

Hi Sarah,

There's nothing suspicious looking in your log file. Very often, a virus will show up in the System Restore folder and nowhere else. If you wrote down the name of the virus Kaspersky found, that would be very helpful. If you did not, all is not lost. We can do the following:

1. Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Reboot.

After you reboot, please run the Kaspersky scan again. If it hangs again, write down the full path and filename at which the hangup occurred. Also, please write down the name of the virus which was detected. Please reverse the above process to reenable System Restore once the scan is finished.

Meanwhile, I discovered a few things while researching your log file. They may be helpful in improving your system performance. Pay particular attention to the last entry below.

The following are optional fixes. They are available through Start => Programs and are known resource hogs. Please read the description following each and decide whether you need them to launch at Startup or not.

Run HijackThis and place a check mark (tic) next to the following:

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe => Available via Start => Programs.

The following will Start when Adobe is launched:
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE => This is a well known resource hog. All Office modules are available via Start => Programs.

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe => From Answers That Work: PCTSPK.EXE and the related PCTVOICE.EXE occasionally run away with CPU consumption, up to 95%-100%, causing the inevitable extreme PC slow-down or freeze. In all cases that we have seen, disabling this process has not given the user any problem in his use of the modem. NOTE: According to CastleCops, you may lose speakerphone and/or voice conferencing functions if you disable this service. If this happens, we can re-enable it using HijackThis's restore feature.

WITH ALL OTHER WINDOWS CLOSED, Click Fix Checked.

In your next reply please include the following:
  • The results (if any) from the Kaspersky scan.
  • A fresh HijackThis log.
  • A description of any symptoms remaining, or new ones that just started. :smileyhappy:
SpotCheckBilly

3 Posts

January 23rd, 2007 16:00

Hi Billy,
 
The Kaspersky scan was able to finish after I turned System Restore off. It said that no malware was found but there were quite a few files that were locked. I made all of your optional fixes and ran another HijackThis log. Everything seems to be working :)

Thanks again!
Sarah
 
 
Tuesday, January 23, 2007 10:24:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/01/2007
Kaspersky Anti-Virus database records: 261215
Scan Settings
  Scan using the following antivirus database: extended
  Scan Archives: true
  Scan Mail Bases: true
Scan Target
  My Computer
  A:\
  C:\
  D:\
Scan Statistics
  Total number of scanned objects: 39764
  Number of viruses found: 0
  Number of infected objects: 0 / 0
  Number of suspicious objects: 0
  Duration of the scan process: 01:22:44

Infected Object Name    Virus Name    Last Action
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteNSE.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteUI.log    Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Sarah\Application Data\Bitdefender\Desktop\Profiles\asdict.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\History\History.IE5\MSHist012007012320070124\index.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\Temp\~DF5BEB.tmp    Object is locked    skipped
C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\Sarah\ntuser.dat.LOG    Object is locked    skipped
C:\Program Files\Carbonite\Carbonite Backup\data\Carbonite.log    Object is locked    skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteConfig.DAT    Object is locked    skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteFiles.DAT    Object is locked    skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteRestores.DAT    Object is locked    skipped
C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteVersions.DAT    Object is locked    skipped
C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdfirewall.txt    Object is locked    skipped
C:\Program Files\Softwin\BitDefender10\aspdict.dat    Object is locked    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C0F3A3F1-B37F-4BBB-A55F-0DF0F2912B99}.crmlog    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{90F1BAF4-E8A1-404D-9F1C-7FC0C8ED4FE8}.bin    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\default    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\software    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\system    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG    Object is locked    skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\Temp\tmp0000628d\tmp00000000    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped

Scan process completed.
 
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 10:33:06 AM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\H.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168396910436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168877644455
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CarboniteService - Carbonite, Inc. ( www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
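The two HijackThis logs in this thread (21 January before the optional fixes, 23 January after) are easiest to compare mechanically. The following is an added example, not code from the thread or from the HijackThis project: it parses the "Xn - ..." entry lines of a v1.99 log, diffs two logs by (section, entry), and lists the entries a log reviewer looks at first, namely anything marked "(file missing)" and any O23 service with an unknown owner. The embedded BEFORE and AFTER texts are short excerpts of the logs posted above, trimmed to the lines that changed; the header and "Running processes" lines are kept only to show that the parser ignores them.

```python
import re
from collections import defaultdict

# One HijackThis entry line: a section code (R0, R1, O2, O4, O9, O16, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")

# Excerpt of the 1/21/2007 log posted in this thread (before the optional fixes).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:03:15 PM, on 1/21/2007
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""

# Excerpt of the 1/23/2007 log posted in this thread (after the fixes; Carbonite was installed in between).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:33:06 AM, on 1/23/2007
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: CarboniteService - Carbonite, Inc. ( www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""


def parse_hjt(text):
    """Return {section: [entry, ...]} for a HijackThis log.

    Header lines ("Logfile of ...", "Platform: ...") and the "Running processes"
    block do not match ENTRY_RE and are skipped.
    """
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)


def diff_hjt(before, after):
    """Return (removed, added): (section, entry) pairs present in only one of the two logs."""
    b = {(s, e) for s, es in parse_hjt(before).items() for e in es}
    a = {(s, e) for s, es in parse_hjt(after).items() for e in es}
    return sorted(b - a), sorted(a - b)


def review_flags(text):
    """Entries a reviewer checks first, as (section, reason, entry).

    A "(file missing)" entry is usually an uninstall leftover (or, for these O23 lines,
    an artifact of the stray quote in the path); an O23 service with no known owner
    has to be identified by its executable path before it is trusted.
    """
    flags = []
    for section, es in parse_hjt(text).items():
        for e in es:
            if "(file missing)" in e:
                flags.append((section, "file missing", e))
            elif section == "O23" and "Unknown owner" in e:
                flags.append((section, "unknown owner", e))
    return flags


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE, AFTER)
    print("Removed since previous log:")
    for section, entry in removed:
        print(f"  {section} - {entry}")
    print("Added since previous log:")
    for section, entry in added:
        print(f"  {section} - {entry}")
    print("Entries to review in the new log:")
    for section, reason, entry in review_flags(AFTER):
        print(f"  [{reason}] {section} - {entry}")
```

Run against the full logs above, the "removed" list is exactly the five O4 entries SpotCheckBilly asked Sarah to fix, and the "added" list is the Carbonite startup entry and service that appeared in between; the diff confirms the fix did what was intended and nothing else.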
 

January 23rd, 2007 22:00

Hi Sarah,

Those locked files indicate either protected system files or files related to a process that was running when the scan was done. Nothing suspicious-looking in there. If everything is running well:

Congratulations! Your log looks clean - good work!

Below is my standard "Final Cleanup" and "All Clean" speech. Included in it are tips on how to keep your computer from being reinfected. They are simple to set up and simple to maintain, and I HIGHLY recommend that you follow them. (I use every one.)

Download and scan with CCleaner
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.

Before first use:
Select Options => Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Select the items you wish to clean up.

A note regarding cookies: CCleaner allows you to keep the cookies from selected sites such as those which use cookies to save your login information.

From the main screen:
  • Click Options => Cookies.
  • Highlight the web sites you wish to keep.
  • Click the "->" button.
  • Click the Cleaner button to return to the main screen.
  • Windows tab:
    • ** Internet Explorer ** header: Select everything.
    • ** Windows Explorer ** header: Select all.
    • ** System ** header: Select all.
  • Advanced tab:
    • Select all entries.
    • Select any others that you choose.
  • Applications tab:
    • ** Firefox/Mozilla ** header (if you use it): Select all.
    • ** Opera ** header (if you use it): Select all.
    • ** Internet ** header: Select Sun Java.
    • Select any others that you choose.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry, as it has been known to find legitimate items.
  • Click the "Run Cleaner" button.
  • A pop-up box will appear advising that this process will permanently delete files from your system.
  • Click "OK".
  • CCleaner will scan and clean your system.
  • When cleaning is complete, click "Exit".
  • Repeat for all usernames.


If everything is running ok, let's do the final cleanup...

1. Run "Disk Cleanup" and allow it to remove everything it finds.

2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.

3. Please go HERE to run the Trend Micro HouseCall Scan.

***Colored items*** available in Internet Explorer only
  • Read and place a check mark next to "Yes, I accept the terms of use".
  • Place a check mark next to "I want to select a different Housecall Kernel".
  • Click Launch HouseCall.
  • Select one of:
    • Using Java-Based Housecall Kernel, then click Starting HouseCall.
    • ****Or**** "Browser plug-in" Installing and using the Housecall Kernel, then click Starting HouseCall (Allow ActiveX install).
  • Choose one of:
    • "Scan complete computer for malware, greyware and vulnerabilities", then click Next.
    • ****Or**** "Scan individuals selected folders only": click Select, select the folders to scan, then click Next.
  • Please be patient, the scan can take a while.
  • When the scan is finished, a summary page will open.
  • Under Cleanup options, choose "Clean all detected infections automatically" and click Clean now >>.
  • If malware was found, you may be prompted to run the scan again. You can just close the browser window.
  • Please write down the full path and filename of anything that could not be cleaned/deleted.
4. Disable, then reenable System Restore, with a reboot in between. Then immediately create a new System Restore point manually.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster => SpywareBlaster will prevent spyware from being installed.
  • Spywareguard => SpywareGuard offers real-time protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware; I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad => IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file => The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar => Get the free Google Toolbar to help stop pop-up windows.
  • Use a Firewall => I cannot stress enough how important it is that you use a firewall on your computer. For an excellent article on firewalls, why you should use one and some of those available, see Computer Safety Online - Software Firewalls. I recommend ZoneAlarm or Sunbelt's Kerio. ZoneAlarm is more user-friendly, but Sunbelt's Kerio is considered more secure.
  • UPDATE!-UPDATE!-UPDATE! => This is, without a doubt, THE MOST IMPORTANT element in keeping your computer free of malware. Keep each and every one of your anti-malware tools AND Windows up to date with all current definitions and patches.
I also suggest that you delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
  • C:\WINDOWS\Temp\--->Everything After the \.
  • C:\Temp\--->Everything After the \.
  • C:\Documents and Settings\username\Local Settings\Temp\--->Everything After the \.
  • Repeat for all users.
Also delete your Temporary Internet Files and cookies:
  • Click Start=>Control Panel=>Internet options.
  • Under the General tab.
  • Click Delete Files button.
  • Place a check-mark in Delete all off-line content.
  • Click OK
  • Click Delete Cookies
  • Click OK=>OK
  • Exit Control Panel
  • Repeat for all users.
In Firefox:
  • Click Tools=>Options=>Privacy icon.
  • Click Cache tab.
  • Click Clear Cache button.
  • Click Cookies tab.
  • Click Clear Cookies Now button.
  • Click OK
  • Repeat for all users.
Empty the recycle bin:
  • Right-click the Recycle Bin icon on your desktop.
  • Select "Empty Recycle Bin".
  • Repeat for all users.
Note: You can also do the above steps using a program such as CCleaner.
PLEASE NOTE: The above steps should be done on a regular basis.

Also, please see: So how did I get infected in the first place?

****** PLEASE READ ******
It is very rewarding to see that your computer is clean. Now we urge you to stand up and be counted! Document your experience, and by doing so, launch a complaint against the makers of malware. You can make a difference. Click on the Malware Complaints icon in my signature and support our cause.

If you are having any more problems, post back the description along with a fresh HijackThis log. :smileyhappy:

SpotCheckBilly

21 Posts
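The MVPS Hosts file tip above works by mapping unwanted names to 127.0.0.1, and the same file is also where an infection can quietly redirect update or scanner sites (HijackThis reports such changes as O1 entries). The following is an added example, not code from the thread or from the MVPS project: it parses a hosts file and separates the expected blocklist entries (names pointed at loopback) from entries worth a look, namely any override of a watched vendor site and any name pointed somewhere other than loopback. The sample hosts text, the .test names and the 192.0.2.x address are constructed for the demo; the watchlist holds the update and scanner hostnames that appear in this thread's logs.

```python
import ipaddress

# Addresses a blocklist-style hosts file (MVPS and similar) is expected to point blocked names at.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: a few blocklist-style entries plus deliberately bad lines for the demo.
# The .test names and 192.0.2.x are reserved example values, not real sites or hosts.
SAMPLE_HOSTS = """\
# MVPS-style block list (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example-tracker.test        # blocked: resolves to this machine
127.0.0.1   banner.example-adserver.test
0.0.0.0     popups.example-adserver.test
192.0.2.10  update.microsoft.com            # constructed: update site pointed elsewhere
192.0.2.10  www.kaspersky.com               # constructed: scanner site pointed elsewhere
192.0.2.10  www.example-bank.test           # constructed: unrelated name pointed elsewhere
not-an-address   broken.example.test        # malformed line, ignored by the parser
"""

# Update and scanner sites seen in this thread's logs. A hosts override of any of these,
# to loopback or anywhere else, keeps the machine from patching or scanning and must be reviewed.
WATCHLIST = {"update.microsoft.com", "www.kaspersky.com", "download.bitdefender.com"}


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    '#' starts a comment anywhere on a line; one address may be followed by several
    hostnames; lines whose first field is not an IP address are ignored.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed: not a usable mapping
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def audit_hosts(text, watchlist):
    """Classify hosts entries.

    Returns {"loopback": count of names pointed at a loopback/null address (the expected
    blocklist case), "suspicious": [(addr, name, reason), ...]} where reason is either
    "watched domain overridden" or "non-loopback override".
    """
    loopback = 0
    suspicious = []
    for addr, name in parse_hosts(text):
        if name in watchlist:
            suspicious.append((addr, name, "watched domain overridden"))
        elif addr not in LOOPBACK:
            suspicious.append((addr, name, "non-loopback override"))
        else:
            loopback += 1
    return {"loopback": loopback, "suspicious": suspicious}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, WATCHLIST)
    print(f"{report['loopback']} name(s) blocked via loopback")
    for addr, name, reason in report["suspicious"]:
        print(f"REVIEW: {name} -> {addr} ({reason})")
```

On a real machine you would feed it the contents of %SystemRoot%\system32\drivers\etc\hosts; a clean MVPS install shows a large loopback count and an empty suspicious list, while any watched-domain or non-loopback line is something to explain before trusting the next online scan or Windows Update run.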

April 23rd, 2008 05:00

Hi Billy....

Am facing a similar problem....

Can you please guide me in fixing this?

I have performed the following tasks so far:

I was running McAfee but since the subscription expired I uninstalled it and installed Norton.

Tried to repair Windows... to no avail...

Will run HijackThis and post the results here in a few hours.

Thanks!!

Lalit.

 
