need help again, could you please assist?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
gentlemen;
i had tried this forum before and received some help, most was resolved, thank you very much. but i was hoping to figure it out in time as things got busy. my computer is running slower and slower as time goes on. also, i have not been able to re-hide the "hidden files" i believe some issues still remain. could you please review my HJT log and see if you see anything unusual? thanks again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:17 PM, on 3/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1253336607\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\aol\1253336607\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\CJ\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1253336607\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\CJ\Desktop\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\CJ\Desktop\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {B6827EA8-89DD-42CD-8E39-8D9432DCF302} - http://www.attrealyponline.com/Desktop-Icon.exe
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 12333 bytes
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
i also tried to remove spybot and norton but as i looked over the HJT log it appears to have some mentions of them both. i went through the add or remove to remove spybot again since i ran HJT, but i wasn't sure about the symantec part. isn't that from norton?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.​
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
ComboFix 10-05-02.01 - Owner 05/02/2010 19:02:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.362 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Monica\My Documents\spider.exe
c:\program files\WindowsUpdate
D:\Autorun.inf.vir

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 00:12 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-05-03 00:12 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-10 21:17 . 2010-04-11 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-04-09 02:13 . 2010-05-02 15:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-04-09 00:46 . 2010-04-09 00:46 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-04-04 19:36 . 2010-04-04 19:36 -------- d-----w- c:\documents and settings\Monica\Local Settings\Application Data\Eastman Kodak Company
2010-04-04 15:48 . 2010-04-05 17:38 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-04-04 15:47 . 2010-04-09 01:40 7184528 ----a-w- c:\program files\asc-setup.exe
2010-04-04 14:33 . 2010-04-05 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-04 14:33 . 2010-04-04 15:48 -------- d-----w- c:\program files\IObit
2010-04-04 14:31 . 2010-04-28 01:22 -------- d-----w- c:\program files\is360setup141
2010-04-04 00:47 . 2010-04-04 00:47 -------- d-----w- c:\documents and settings\CJ\Local Settings\Application Data\Eastman Kodak Company

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 00:16 . 2010-01-30 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-05-03 00:15 . 2009-07-28 01:26 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-05-03 00:15 . 2009-07-28 01:26 313998 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-05-02 02:15 . 2008-10-22 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-30 21:31 . 2009-02-02 00:13 -------- d-----w- c:\documents and settings\TEMP\Application Data\FrostWire
2010-04-29 22:42 . 2008-08-21 01:44 -------- d-----w- c:\documents and settings\CJ\Application Data\FrostWire
2010-04-28 01:20 . 2009-08-04 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 10:38 . 2008-08-17 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2010-04-13 10:21 . 2009-09-19 05:03 -------- d-----w- c:\program files\Common Files\aol
2010-04-11 13:09 . 2010-04-11 13:09 41470 ----a-w- c:\program files\livelog-2010-04-11.html
2010-04-10 14:21 . 2010-04-02 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-04 17:45 . 2010-02-05 00:33 -------- d-----w- c:\documents and settings\TEMP\Application Data\Temp
2010-04-03 21:15 . 2008-06-03 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 04:13 . 2008-05-27 06:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-04-02 04:11 . 2008-05-27 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-02 04:11 . 2008-05-27 06:14 -------- d-----w- c:\program files\Yahoo!
2010-03-29 23:11 . 2010-01-30 19:13 -------- d-----w- c:\program files\Glary Utilities
2010-03-26 00:25 . 2008-05-27 09:38 2512 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-03-25 18:43 . 2010-01-30 19:48 -------- d-----w- c:\program files\Kodak
2010-03-07 07:29 . 2008-06-03 17:49 -------- d-----w- c:\documents and settings\CJ\Application Data\AOL
2010-02-08 17:06 . 2010-03-25 18:42 409600 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-02-08 17:05 . 2010-03-25 18:42 131072 ----a-w- c:\windows\system32\EKIJCOINST07.dll
2010-02-08 16:47 . 2010-02-08 16:47 1924200 ----a-w- c:\program files\install_flash_player.exe
2010-01-30 19:12 . 2010-01-30 19:12 7588832 ----a-w- c:\program files\gusetup.exe
2009-09-13 04:12 . 2009-09-13 04:12 11614592 ----a-w- c:\program files\mpas-fe.exe
2009-09-05 02:59 . 2009-09-05 02:59 7523217 ----a-w- c:\program files\frostwire-4.18.1.windows.exe
2009-08-20 01:10 . 2009-08-20 01:10 3440720 ----a-w- c:\program files\WG_US_walgreens-agent.exe
2008-06-25 02:01 . 2008-06-25 02:01 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-06-25 02:00 . 2008-06-25 02:00 7710016 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2008-06-25 01:59 . 2008-06-25 01:59 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2004-08-04 19:00 . 2009-07-26 17:39 257729 ----a-w- c:\program files\SPIDER.EX_
2008-09-06 18:23 . 2008-09-06 18:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-19 00:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-19 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-19 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-07 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-07-27 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-08-07 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-08-07 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-08-07 259312]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"HostManager"="c:\program files\Common Files\AOL\1253336607\ee\AOLSoftware.exe" [2009-07-20 41264]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-02-08 1634304]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\documents and settings\TEMP\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-2-10 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\aol\\1253336607\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/4/2010 9:33 AM 311568]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2/11/2010 3:36 PM 300400]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/9/2007 11:06 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-25 c:\windows\Tasks\CAAntiSpywareScan_Daily as Owner at 6 42 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2010-05-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-30 01:44]

2010-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-10 22:03]

2010-05-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-19 00:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
DPF: {B6827EA8-89DD-42CD-8E39-8D9432DCF302} - hxxp://www.attrealyponline.com/Desktop-Icon.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2sp61ao9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\CJ\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(5744)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\lxctcoms.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IObit\IObit Security 360\is360.exe
.
**************************************************************************
.
Completion time: 2010-05-02 19:34:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 00:33
ComboFix2.txt 2009-08-31 12:49

Pre-Run: 26,405,711,872 bytes free
Post-Run: 29,428,080,640 bytes free

- - End Of File - - E6109CDBCD93380BF97F553440CF4388
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
how is it now
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
seems to be working better, what did it do? were there viruses removed?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
combofix replaced a missing system file that malware removes or overwrites
it might have also mistakenly removed a legitimate file

please go to C:\qoobox & right click the quarantine foolder, select send to compressed(zip) folder

that makes a zipped copy of the quarantine folder

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
was i supposed to give you a link to the "spykiller" post? or place a link to this thread over there? i'll do bothhttp://thespykiller.co.uk/index.php/topic,9234.msg37063.html#msg37063
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
the file it removed. spider.exe is a genuine microsoft file but was in wrong place, so it appeared to be malware

it is the spider solitaire from microsoft
did you download it from somewhere or did it just happen to get in my docs instead of where it normally sits

we can restore it, if you want to

let us know please
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
i believe it may have been moved by the previous virus, it had been disabled. Spider Solitaire is a favorite of mine, however, i still have it, i'm not sure if i copied it or how i still have it. so my computer is now clean? did combo fix repair any viruses?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
yes combofix did fix a few things

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top