Solved: Hijack This - Help with log analysis

ajeffrey
Junior Member with 3 posts.
 
Join Date: Mar 2005
Experience: Beginner
11-Mar-2005, 02:33 AM #1
Solved: Hijack This - Help with log analysis
Hi

Could someone help me with this Hijack This log.
I can't open "My Documents", "Control Panel" etc.
Dr Watson Error message comes up.

I have already downloaded:
cwsserviceremove.zip and unzipped it to desktop
CWShredder to desktop
AboutBuster to desktop (was about to update it when everything froze again!!)

I think time zone problems could pose an issue (I am in Sydney, Australia).
So if you think it would be better, please email me on [email address removed to prevent harvesting by spammers]

Thanks very much for any help!!!

AJ


====================================


Logfile of HijackThis v1.99.1
Scan saved at 6:17:50 PM, on 3/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\apied32.exe
C:\WINDOWS\mshg32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\winta32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D1CD1D3E-77D8-5E66-C7CC-DEDD603B06F6} - C:\WINDOWS\system32\croh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winta32.exe] C:\WINDOWS\system32\winta32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [ieoe32.exe] C:\WINDOWS\system32\ieoe32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe
O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\msdb32.exe
O4 - HKLM\..\RunOnce: [ntoa32.exe] C:\WINDOWS\ntoa32.exe
O4 - HKLM\..\RunOnce: [javank.exe] C:\WINDOWS\system32\javank.exe
O4 - HKLM\..\RunOnce: [atljp32.exe] C:\WINDOWS\atljp32.exe
O4 - HKLM\..\RunOnce: [addit32.exe] C:\WINDOWS\system32\addit32.exe
O4 - HKLM\..\RunOnce: [mfckl32.exe] C:\WINDOWS\mfckl32.exe
O4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exe
O4 - HKLM\..\RunOnce: [d3ue.exe] C:\WINDOWS\system32\d3ue.exe
O4 - HKLM\..\RunOnce: [atlmm32.exe] C:\WINDOWS\atlmm32.exe
O4 - HKLM\..\RunOnce: [wingp32.exe] C:\WINDOWS\system32\wingp32.exe
O4 - HKLM\..\RunOnce: [appmr32.exe] C:\WINDOWS\system32\appmr32.exe
O4 - HKLM\..\RunOnce: [javakp.exe] C:\WINDOWS\system32\javakp.exe
O4 - HKLM\..\RunOnce: [msmc32.exe] C:\WINDOWS\system32\msmc32.exe
O4 - HKLM\..\RunOnce: [mfchm.exe] C:\WINDOWS\mfchm.exe
O4 - HKLM\..\RunOnce: [nthd32.exe] C:\WINDOWS\system32\nthd32.exe
O4 - HKLM\..\RunOnce: [addox32.exe] C:\WINDOWS\system32\addox32.exe
O4 - HKLM\..\RunOnce: [ipor32.exe] C:\WINDOWS\system32\ipor32.exe
O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\crlb32.exe
O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\sdksc32.exe
O4 - HKLM\..\RunOnce: [msdt.exe] C:\WINDOWS\msdt.exe
O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\ipsz.exe
O4 - HKLM\..\RunOnce: [netfk.exe] C:\WINDOWS\netfk.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\system32\ipcs32.exe
O4 - HKLM\..\RunOnce: [sysrf32.exe] C:\WINDOWS\sysrf32.exe
O4 - HKLM\..\RunOnce: [mskf32.exe] C:\WINDOWS\mskf32.exe
O4 - HKLM\..\RunOnce: [sysih32.exe] C:\WINDOWS\sysih32.exe
O4 - HKLM\..\RunOnce: [ipbh.exe] C:\WINDOWS\ipbh.exe
O4 - HKLM\..\RunOnce: [sysct.exe] C:\WINDOWS\sysct.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\sysna.exe
O4 - HKLM\..\RunOnce: [javahg32.exe] C:\WINDOWS\system32\javahg32.exe
O4 - HKLM\..\RunOnce: [sdkzm32.exe] C:\WINDOWS\sdkzm32.exe
O4 - HKLM\..\RunOnce: [addvb.exe] C:\WINDOWS\system32\addvb.exe
O4 - HKLM\..\RunOnce: [appmj.exe] C:\WINDOWS\system32\appmj.exe
O4 - HKLM\..\RunOnce: [netle32.exe] C:\WINDOWS\system32\netle32.exe
O4 - HKLM\..\RunOnce: [d3zo.exe] C:\WINDOWS\d3zo.exe
O4 - HKLM\..\RunOnce: [ntxx32.exe] C:\WINDOWS\system32\ntxx32.exe
O4 - HKLM\..\RunOnce: [winiv32.exe] C:\WINDOWS\system32\winiv32.exe
O4 - HKLM\..\RunOnce: [sdkmq32.exe] C:\WINDOWS\system32\sdkmq32.exe
O4 - HKLM\..\RunOnce: [sdkmv.exe] C:\WINDOWS\sdkmv.exe
O4 - HKLM\..\RunOnce: [cryw32.exe] C:\WINDOWS\system32\cryw32.exe
O4 - HKLM\..\RunOnce: [javalk.exe] C:\WINDOWS\system32\javalk.exe
O4 - HKLM\..\RunOnce: [d3cz.exe] C:\WINDOWS\system32\d3cz.exe
O4 - HKLM\..\RunOnce: [sdkaf32.exe] C:\WINDOWS\system32\sdkaf32.exe
O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\system32\mfcyh32.exe
O4 - HKLM\..\RunOnce: [ntfk32.exe] C:\WINDOWS\system32\ntfk32.exe
O4 - HKLM\..\RunOnce: [winsr32.exe] C:\WINDOWS\system32\winsr32.exe
O4 - HKLM\..\RunOnce: [ntme32.exe] C:\WINDOWS\ntme32.exe
O4 - HKLM\..\RunOnce: [apisz32.exe] C:\WINDOWS\system32\apisz32.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\system32\addrn.exe
O4 - HKLM\..\RunOnce: [sdkjn32.exe] C:\WINDOWS\system32\sdkjn32.exe
O4 - HKLM\..\RunOnce: [winxb.exe] C:\WINDOWS\winxb.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\mfcyv32.exe
O4 - HKLM\..\RunOnce: [mfcgw.exe] C:\WINDOWS\mfcgw.exe
O4 - HKLM\..\RunOnce: [appdo32.exe] C:\WINDOWS\system32\appdo32.exe
O4 - HKLM\..\RunOnce: [appto.exe] C:\WINDOWS\system32\appto.exe
O4 - HKLM\..\RunOnce: [apisp.exe] C:\WINDOWS\system32\apisp.exe
O4 - HKLM\..\RunOnce: [javauk.exe] C:\WINDOWS\system32\javauk.exe
O4 - HKLM\..\RunOnce: [winze32.exe] C:\WINDOWS\winze32.exe
O4 - HKLM\..\RunOnce: [mseb.exe] C:\WINDOWS\mseb.exe
O4 - HKLM\..\RunOnce: [netnf32.exe] C:\WINDOWS\netnf32.exe
O4 - HKLM\..\RunOnce: [sdkhp32.exe] C:\WINDOWS\system32\sdkhp32.exe
O4 - HKLM\..\RunOnce: [sysiu.exe] C:\WINDOWS\sysiu.exe
O4 - HKLM\..\RunOnce: [d3si32.exe] C:\WINDOWS\d3si32.exe
O4 - HKLM\..\RunOnce: [ipzq.exe] C:\WINDOWS\system32\ipzq.exe
O4 - HKLM\..\RunOnce: [mfcmw.exe] C:\WINDOWS\system32\mfcmw.exe
O4 - HKLM\..\RunOnce: [netnn.exe] C:\WINDOWS\system32\netnn.exe
O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\mshg32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetGuard Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe" -STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 64.127.104.144
O16 - DPF: {5A3C6507-730A-43B2-8EAC-4C430F2EF35E} (PortfolioManager Class) - https://portfoliomanager.westpac.com...liomanager.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\mshg32.exe" /s (file missing)
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\apied32.exe

Last edited by dvk01 : 11-Mar-2005 03:38 AM.
dvk01
Moderator with 27,565 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Mar-2005, 03:37 AM #2
Read all these instructions carefully, Print them out and download all the things mentioned before starting

First
Download the Hoster from here. Unzip the file and run hoster then press "Restore Original Hosts" and press "OK". Exit Program.

Click here to download AboutBuster created by Rubber Ducky.

Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit" because I don't want you to run it yet. Just get the updates so it is ready to run later in safe mode.

Download CWShredder from http://www.intermute.com/spysubtract..._download.html

Download and install AdAware SE from http://www.lavasoft.de/support/download if you haven't already got it. If you have it, then make sure it is updated and configured as described later in the post

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on the desktop.
Right click the file and select install; that will reset the trusted zone domains that have been wrongly placed there

Sign off the internet and remain offline until this procedure is complete. Unplug your modem or disconnect the cable or phone line. Copy these instructions to notepad and save them on your desktop for easy access. You must follow these directions exactly and you cannot skip any part of it.

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406


Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D1CD1D3E-77D8-5E66-C7CC-DEDD603B06F6} - C:\WINDOWS\system32\croh.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [winta32.exe] C:\WINDOWS\system32\winta32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [ieoe32.exe] C:\WINDOWS\system32\ieoe32.exe
O4 - HKLM\..\RunOnce: [crfx.exe] C:\WINDOWS\crfx.exe
O4 - HKLM\..\RunOnce: [msdb32.exe] C:\WINDOWS\msdb32.exe
O4 - HKLM\..\RunOnce: [ntoa32.exe] C:\WINDOWS\ntoa32.exe
O4 - HKLM\..\RunOnce: [javank.exe] C:\WINDOWS\system32\javank.exe
O4 - HKLM\..\RunOnce: [atljp32.exe] C:\WINDOWS\atljp32.exe
O4 - HKLM\..\RunOnce: [addit32.exe] C:\WINDOWS\system32\addit32.exe
O4 - HKLM\..\RunOnce: [mfckl32.exe] C:\WINDOWS\mfckl32.exe
O4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exe
O4 - HKLM\..\RunOnce: [d3ue.exe] C:\WINDOWS\system32\d3ue.exe
O4 - HKLM\..\RunOnce: [atlmm32.exe] C:\WINDOWS\atlmm32.exe
O4 - HKLM\..\RunOnce: [wingp32.exe] C:\WINDOWS\system32\wingp32.exe
O4 - HKLM\..\RunOnce: [appmr32.exe] C:\WINDOWS\system32\appmr32.exe
O4 - HKLM\..\RunOnce: [javakp.exe] C:\WINDOWS\system32\javakp.exe
O4 - HKLM\..\RunOnce: [msmc32.exe] C:\WINDOWS\system32\msmc32.exe
O4 - HKLM\..\RunOnce: [mfchm.exe] C:\WINDOWS\mfchm.exe
O4 - HKLM\..\RunOnce: [nthd32.exe] C:\WINDOWS\system32\nthd32.exe
O4 - HKLM\..\RunOnce: [addox32.exe] C:\WINDOWS\system32\addox32.exe
O4 - HKLM\..\RunOnce: [ipor32.exe] C:\WINDOWS\system32\ipor32.exe
O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\crlb32.exe
O4 - HKLM\..\RunOnce: [sdksc32.exe] C:\WINDOWS\sdksc32.exe
O4 - HKLM\..\RunOnce: [msdt.exe] C:\WINDOWS\msdt.exe
O4 - HKLM\..\RunOnce: [ipsz.exe] C:\WINDOWS\ipsz.exe
O4 - HKLM\..\RunOnce: [netfk.exe] C:\WINDOWS\netfk.exe
O4 - HKLM\..\RunOnce: [ipcs32.exe] C:\WINDOWS\system32\ipcs32.exe
O4 - HKLM\..\RunOnce: [sysrf32.exe] C:\WINDOWS\sysrf32.exe
O4 - HKLM\..\RunOnce: [mskf32.exe] C:\WINDOWS\mskf32.exe
O4 - HKLM\..\RunOnce: [sysih32.exe] C:\WINDOWS\sysih32.exe
O4 - HKLM\..\RunOnce: [ipbh.exe] C:\WINDOWS\ipbh.exe
O4 - HKLM\..\RunOnce: [sysct.exe] C:\WINDOWS\sysct.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [sysna.exe] C:\WINDOWS\sysna.exe
O4 - HKLM\..\RunOnce: [javahg32.exe] C:\WINDOWS\system32\javahg32.exe
O4 - HKLM\..\RunOnce: [sdkzm32.exe] C:\WINDOWS\sdkzm32.exe
O4 - HKLM\..\RunOnce: [addvb.exe] C:\WINDOWS\system32\addvb.exe
O4 - HKLM\..\RunOnce: [appmj.exe] C:\WINDOWS\system32\appmj.exe
O4 - HKLM\..\RunOnce: [netle32.exe] C:\WINDOWS\system32\netle32.exe
O4 - HKLM\..\RunOnce: [d3zo.exe] C:\WINDOWS\d3zo.exe
O4 - HKLM\..\RunOnce: [ntxx32.exe] C:\WINDOWS\system32\ntxx32.exe
O4 - HKLM\..\RunOnce: [winiv32.exe] C:\WINDOWS\system32\winiv32.exe
O4 - HKLM\..\RunOnce: [sdkmq32.exe] C:\WINDOWS\system32\sdkmq32.exe
O4 - HKLM\..\RunOnce: [sdkmv.exe] C:\WINDOWS\sdkmv.exe
O4 - HKLM\..\RunOnce: [cryw32.exe] C:\WINDOWS\system32\cryw32.exe
O4 - HKLM\..\RunOnce: [javalk.exe] C:\WINDOWS\system32\javalk.exe
O4 - HKLM\..\RunOnce: [d3cz.exe] C:\WINDOWS\system32\d3cz.exe
O4 - HKLM\..\RunOnce: [sdkaf32.exe] C:\WINDOWS\system32\sdkaf32.exe
O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\system32\mfcyh32.exe
O4 - HKLM\..\RunOnce: [ntfk32.exe] C:\WINDOWS\system32\ntfk32.exe
O4 - HKLM\..\RunOnce: [winsr32.exe] C:\WINDOWS\system32\winsr32.exe
O4 - HKLM\..\RunOnce: [ntme32.exe] C:\WINDOWS\ntme32.exe
O4 - HKLM\..\RunOnce: [apisz32.exe] C:\WINDOWS\system32\apisz32.exe
O4 - HKLM\..\RunOnce: [addrn.exe] C:\WINDOWS\system32\addrn.exe
O4 - HKLM\..\RunOnce: [sdkjn32.exe] C:\WINDOWS\system32\sdkjn32.exe
O4 - HKLM\..\RunOnce: [winxb.exe] C:\WINDOWS\winxb.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\mfcyv32.exe
O4 - HKLM\..\RunOnce: [mfcgw.exe] C:\WINDOWS\mfcgw.exe
O4 - HKLM\..\RunOnce: [appdo32.exe] C:\WINDOWS\system32\appdo32.exe
O4 - HKLM\..\RunOnce: [appto.exe] C:\WINDOWS\system32\appto.exe
O4 - HKLM\..\RunOnce: [apisp.exe] C:\WINDOWS\system32\apisp.exe
O4 - HKLM\..\RunOnce: [javauk.exe] C:\WINDOWS\system32\javauk.exe
O4 - HKLM\..\RunOnce: [winze32.exe] C:\WINDOWS\winze32.exe
O4 - HKLM\..\RunOnce: [mseb.exe] C:\WINDOWS\mseb.exe
O4 - HKLM\..\RunOnce: [netnf32.exe] C:\WINDOWS\netnf32.exe
O4 - HKLM\..\RunOnce: [sdkhp32.exe] C:\WINDOWS\system32\sdkhp32.exe
O4 - HKLM\..\RunOnce: [sysiu.exe] C:\WINDOWS\sysiu.exe
O4 - HKLM\..\RunOnce: [d3si32.exe] C:\WINDOWS\d3si32.exe
O4 - HKLM\..\RunOnce: [ipzq.exe] C:\WINDOWS\system32\ipzq.exe
O4 - HKLM\..\RunOnce: [mfcmw.exe] C:\WINDOWS\system32\mfcmw.exe
O4 - HKLM\..\RunOnce: [netnn.exe] C:\WINDOWS\system32\netnn.exe
O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\mshg32.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted IP range: 64.127.104.144

O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\mshg32.exe" /s (file missing)
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\apied32.exe


Now run killbox and paste the first one of these lines into the box, select delete on reboot then press the red X button, say yes to the prompt but NO to the reboot now prompt

then repeat with each line in turn, if it says file missing or if it says unable to delete then make a note of the files and report back at the end

C:\WINDOWS\apied32.exe
C:\WINDOWS\mshg32.exe
C:\WINDOWS\system32\winta32.exe
C:\WINDOWS\system32\croh.dll
C:\WINDOWS\system32\xdden.dll
C:\WINDOWS\system32\ieoe32.exe
C:\WINDOWS\crfx.exe
C:\WINDOWS\msdb32.exe
C:\WINDOWS\ntoa32.exe
C:\WINDOWS\system32\javank.exe
C:\WINDOWS\atljp32.exe
C:\WINDOWS\system32\addit32.exe
C:\WINDOWS\mfckl32.exe
C:\WINDOWS\system32\mssw32.exe
C:\WINDOWS\system32\d3ue.exe
C:\WINDOWS\atlmm32.exe
C:\WINDOWS\system32\wingp32.exe
C:\WINDOWS\system32\appmr32.exe
C:\WINDOWS\system32\javakp.exe
C:\WINDOWS\system32\msmc32.exe
C:\WINDOWS\mfchm.exe
C:\WINDOWS\system32\nthd32.exe
C:\WINDOWS\system32\addox32.exe
C:\WINDOWS\system32\ipor32.exe
C:\WINDOWS\crlb32.exe
C:\WINDOWS\sdksc32.exe
C:\WINDOWS\msdt.exe
C:\WINDOWS\ipsz.exe
C:\WINDOWS\netfk.exe
C:\WINDOWS\system32\ipcs32.exe
C:\WINDOWS\sysrf32.exe
C:\WINDOWS\mskf32.exe
C:\WINDOWS\sysih32.exe
C:\WINDOWS\ipbh.exe
C:\WINDOWS\sysct.exe
C:\WINDOWS\crzc32.exe
C:\WINDOWS\sysna.exe
C:\WINDOWS\system32\javahg32.exe
C:\WINDOWS\sdkzm32.exe
C:\WINDOWS\system32\addvb.exe
C:\WINDOWS\system32\appmj.exe
C:\WINDOWS\system32\netle32.exe
C:\WINDOWS\d3zo.exe
C:\WINDOWS\system32\ntxx32.exe
C:\WINDOWS\system32\winiv32.exe
C:\WINDOWS\system32\sdkmq32.exe
C:\WINDOWS\sdkmv.exe
C:\WINDOWS\system32\cryw32.exe
C:\WINDOWS\system32\javalk.exe
C:\WINDOWS\system32\d3cz.exe
C:\WINDOWS\system32\sdkaf32.exe
C:\WINDOWS\system32\mfcyh32.exe
C:\WINDOWS\system32\ntfk32.exe
C:\WINDOWS\system32\winsr32.exe
C:\WINDOWS\ntme32.exe
C:\WINDOWS\system32\apisz32.exe
C:\WINDOWS\system32\addrn.exe
C:\WINDOWS\system32\sdkjn32.exe
C:\WINDOWS\winxb.exe
C:\WINDOWS\mfcyv32.exe
C:\WINDOWS\mfcgw.exe
C:\WINDOWS\system32\appdo32.exe
C:\WINDOWS\system32\appto.exe
C:\WINDOWS\system32\apisp.exe
C:\WINDOWS\system32\javauk.exe
C:\WINDOWS\winze32.exe
C:\WINDOWS\mseb.exe
C:\WINDOWS\netnf32.exe
C:\WINDOWS\system32\sdkhp32.exe
C:\WINDOWS\sysiu.exe
C:\WINDOWS\d3si32.exe
C:\WINDOWS\system32\ipzq.exe
C:\WINDOWS\system32\mfcmw.exe
C:\WINDOWS\system32\netnn.exe
C:\WINDOWS\mshg32.exe

then on the killbox top bar press tools/delete temp files and say yes to the prompt


Now Run CWSHREDDER
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.


Next run aboutbuster. Double click aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.

then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"


then go to C:\windows\temp and select EVERYTHING and delete all that and then do the same for C:\temp

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then
Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read at least SE1R32 09.03.2005 or a higher number/later date

Set up the Configurations as follows:

General Button
Safety:
Check (Green) all three.

Click on "Proceed"

Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

Click on "Scan Now"

Run the scanner using the Full Scan (Perform full system scan) mode.

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

NOW REBOOT

Run an online antivirus check from
http://housecall.trendmicro.com/

Make sure autoclean is ticked

reboot again

These hijackers are known to alter or delete certain files so check this out please:

If you have Spybot S&D installed you will also need to replace one file.
Go here and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

Check in the System32 folder to be sure you have a file named Shell.dll. If you do not have one, go to System32\dllcache
Find shell.dll and right click on it. Choose Copy from the menu.
Open System32 and right click on an empty space in the window. Choose Paste from the menu.


control.exe may have been deleted.
See if control.exe is present in C:\windows\system32

If control.exe isn't there, go here, and download control.exe per the instructions at the site.

IMPORTANT!: Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended by opening IE/tools/options/security and press internet zone, then press default settings and OK


then post a new HJT log please
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
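
A follow-up log can be checked against the ticked entries mechanically. The sketch below is an added example, not part of the thread or of HijackThis itself: it parses the log format shown above and reports which ticked entries are gone, which remain, which entries are new, and whether any file queued for deletion is still a running process. The sample strings are shortened excerpts of the logs posted in this thread, and the function names are hypothetical.

```python
import re

# HijackThis prefixes each finding with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first finding ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry[0], entry[1].lower())


def compare_logs(before, after, ticked, delete_paths):
    """Check a follow-up log against the entries ticked for fixing."""
    _, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    _, ticked_entries = parse_log(ticked)
    before_keys = {_key(e) for e in before_entries}
    after_keys = {_key(e) for e in after_entries}
    running = {p.lower() for p in after_procs}
    return {
        "still_present": [e for e in ticked_entries if _key(e) in after_keys],
        "removed": [e for e in ticked_entries if _key(e) not in after_keys],
        # New entries are not necessarily bad; they just need a reviewer's eye.
        "new": [e for e in after_entries if _key(e) not in before_keys],
        "still_running": [p for p in delete_paths if p.lower() in running],
    }


# Shortened excerpts of the logs in this thread (sample input, not the full logs).
TICKED = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xdden.dll/sp.html#96676
O2 - BHO: (no name) - {D1CD1D3E-77D8-5E66-C7CC-DEDD603B06F6} - C:\WINDOWS\system32\croh.dll
O4 - HKLM\..\Run: [winta32.exe] C:\WINDOWS\system32\winta32.exe
O4 - HKLM\..\RunOnce: [mshg32.exe] C:\WINDOWS\mshg32.exe
O15 - Trusted IP range: 64.127.104.144
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\apied32.exe
"""

BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\apied32.exe
C:\WINDOWS\mshg32.exe
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""" + TICKED

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A87093-5944-4483-B01A-48A5C05E025F}: NameServer = 203.0.178.191
"""

# A few of the paths from the killbox list above.
DELETE_PATHS = [
    r"C:\WINDOWS\apied32.exe",
    r"C:\WINDOWS\mshg32.exe",
    r"C:\WINDOWS\system32\winta32.exe",
    r"C:\WINDOWS\system32\croh.dll",
    r"C:\WINDOWS\system32\xdden.dll",
]

if __name__ == "__main__":
    report = compare_logs(BEFORE, AFTER, TICKED, DELETE_PATHS)
    for name, items in report.items():
        print(f"{name}: {len(items)}")
        for item in items:
            print("   ", item)
```
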
ajeffrey
Junior Member with 3 posts.
 
Join Date: Mar 2005
Experience: Beginner
12-Mar-2005, 01:04 AM #3
Re-post of HJT log
Thanks very much.
All instructions followed.
Here is the new log of HJT.

AJ

=============================

Logfile of HijackThis v1.99.1
Scan saved at 5:02:28 PM, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetGuard Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe" -STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {5A3C6507-730A-43B2-8EAC-4C430F2EF35E} (PortfolioManager Class) - https://portfoliomanager.westpac.com...liomanager.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A87093-5944-4483-B01A-48A5C05E025F}: NameServer = 203.0.178.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A87093-5944-4483-B01A-48A5C05E025F}: NameServer = 203.0.178.191
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
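
Added example, not part of the original post and not HijackThis's own code: a small Python parser for the entry lines of a log like the one above. It groups entries by section code and lists items worth a manual look. The function names and the three review rules are assumptions chosen for this illustration, and the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')

def parse_log(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_hints(groups):
    """Return (code, reason, body) tuples worth a manual look. Hints, not verdicts."""
    hints = []
    for body in groups.get("O4", []):
        run = RUN_KEY.match(body)
        if body.endswith("= ?"):
            hints.append(("O4", "shortcut target unresolved", body))
        elif run and not FULL_PATH.match(run.group("cmd")):
            hints.append(("O4", "executable named without full path", body))
    for body in groups.get("O16", []):
        if " - http://" in body:
            hints.append(("O16", "ActiveX control fetched over plain HTTP", body))
    for body in groups.get("O17", []):
        if "NameServer" in body:
            hints.append(("O17", "DNS server set in registry, confirm owner", body))
    return hints

# Sample lines copied from the log in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A87093-5944-4483-B01A-48A5C05E025F}: NameServer = 203.0.178.191
"""

if __name__ == "__main__":
    for code, reason, body in review_hints(parse_log(SAMPLE)):
        print(f"{code:<4}{reason}: {body}")
```

A hint only marks an entry for checking against the installed software and the network's real settings; legitimate programs trigger all three rules.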
dvk01's Avatar
Moderator with 27,565 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
12-Mar-2005, 01:54 AM #4
That looks a lot better.

Has it all cleared up, or are you still having any problems?

Turn off system restore by following instructions here:
http://service1.symantec.com/SUPPORT...01111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.

Go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

And pay an urgent visit to Windows Update & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place.
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
ajeffrey's Avatar
Junior Member with 3 posts.
 
Join Date: Mar 2005
Experience: Beginner
12-Mar-2005, 10:42 PM #5
Derek

Thanks very much for your help!
Everything is working again now - and is actually much faster!!

Cheers
AJ
All times are GMT -5.