1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please Help - Trojan

Discussion in 'Virus & Other Malware Removal' started by CourtneyLeigh, Jul 4, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. CourtneyLeigh

    CourtneyLeigh Thread Starter

    Joined:
    Jun 15, 2007
    Messages:
    20
    please help me get rid of any viruses that my computer may have.
    Im not sure the name of this one but at some point Torjan something came up. Now when I open internet explorer it redirects me to http://asafecenter.com/ ..

    My msn keeps closing with errors aswell ...
     
  2. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. CourtneyLeigh

    CourtneyLeigh Thread Starter

    Joined:
    Jun 15, 2007
    Messages:
    20
    One Problem, I fixed all earlier in hijackthis..... before posting the message. (sisters boyfriend told me to...) OK but I did a new scan now. Here are the results posted below from Hijackthis. If you want you can give me a whole lot of series of steps to follow !!!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:37 PM, on 04/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Video ActiveX Access\iesmn.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\Program Files\Video ActiveX Access\iesmin.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
     
  4. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  5. CourtneyLeigh

    CourtneyLeigh Thread Starter

    Joined:
    Jun 15, 2007
    Messages:
    20
    SmitFraudFix v2.202

    Scan done at 21:19:23.62, 08/07/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Video ActiveX Access\iesmn.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Video ActiveX Access\iesmin.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\xnvaogd.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

    C:\DOCUME~1\Owner\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Video ActiveX Access\ FOUND !
    C:\Program Files\VirusProtectPro 3.3\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

    [HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\System32\xnvaogd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\System32\xnvaogd.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background
     
  7. CourtneyLeigh

    CourtneyLeigh Thread Starter

    Joined:
    Jun 15, 2007
    Messages:
    20
    SmitFraudFix v2.202

    Scan done at 0:34:44.10, 09/07/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

    [HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\System32\xnvaogd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\System32\xnvaogd.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\System32\xnvaogd.dll -> Hoax.Win32.Renos.gen.o
    C:\WINDOWS\System32\xnvaogd.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
    C:\DOCUME~1\Owner\FAVORI~1\Online Security Test.url Deleted
    C:\Program Files\Video ActiveX Access\ Deleted
    C:\Program Files\VirusProtectPro 3.3\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DCAF589-F9AF-4B0C-BA35-6D763BFCC9AA}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  8. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    Looks good

    Download
    Deckard's System Scanner (DSS)
    to your Desktop. Note: You must be logged onto an account with administrator privileges.

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
     
  9. CourtneyLeigh

    CourtneyLeigh Thread Starter

    Joined:
    Jun 15, 2007
    Messages:
    20
    Deckard's System Scanner v20070708.52
    Run by Owner on 2007-07-09 at 06:38:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    109: 2007-07-09 12:38:15 UTC - RP109 - Deckard's System Scanner Restore Point
    108: 2007-07-09 09:16:26 UTC - RP108 - System Checkpoint
    107: 2007-07-06 04:15:04 UTC - RP107 - System Checkpoint
    106: 2007-07-05 04:01:26 UTC - RP106 - Software Distribution Service 3.0
    105: 2007-07-04 08:14:58 UTC - RP105 - System Checkpoint


    -- First Restore Point --
    1: 2007-06-06 18:30:55 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 6:38:46 AM, on 09/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DivX\DivX Player\DivX Player.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Owner.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe


    -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

    backup-20070614-225020-206 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    backup-20070614-225020-289 O2 - BHO: IEExtension Class - {DBE5BEE8-F032-11DB-826A-C4BB56D89593} - C:\Program Files\ContraVirus\secieaddin.dll
    backup-20070614-225020-606 O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    backup-20070614-225020-637 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca8.hpwis.com/
    backup-20070614-225020-791 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070614-225020-865 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qca8.hpwis.com/
    backup-20070614-225020-875 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    backup-20070614-225122-172 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    backup-20070614-225122-791 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    backup-20070614-225122-793 O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Owner\My Documents\My Music\LimeWire\LimeWire.exe
    backup-20070614-225122-815 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    backup-20070614-225122-840 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    backup-20070615-100519-655 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    backup-20070615-100519-801 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    backup-20070615-100520-471 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>

    S3 JL2001 (Telemax WebCam WC-50) - c:\windows\system32\drivers\videocap.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-09 06:37:46 272 --a------ C:\WINDOWS\Tasks\easy Internet sign-up.job
    2007-07-09 06:34:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-06-14 17:23:26 464 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


    -- Files created between 2007-06-09 and 2007-07-09 -----------------------------

    2007-07-08 21:19:19 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-07-08 21:19:19 51200 --a------ C:\WINDOWS\System32\dumphive.exe
    2007-07-08 21:19:18 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-07-04 15:13:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-07-02 12:20:04 0 d-------- C:\WINDOWS\Prefetch
    2007-07-02 11:36:48 0 d-------- C:\WINDOWS\peernet
    2007-07-02 11:36:41 0 d-------- C:\WINDOWS\provisioning
    2007-07-02 11:09:28 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-02 11:09:27 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-07-02 11:09:25 225280 --a------ C:\WINDOWS\System32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
    2007-07-02 11:09:25 106496 --a------ C:\WINDOWS\System32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
    2007-06-25 15:54:55 0 d--h----- C:\~cevts_001_tmp.dir
    2007-06-25 14:54:26 0 d-------- C:\WINDOWS\EHome
    2007-06-24 14:12:59 4569 -----n--- C:\WINDOWS\System32\secupd.dat
    2007-06-24 13:18:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-06-23 23:50:43 0 d-------- C:\Downloads
    2007-06-23 23:50:41 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    2007-06-23 23:39:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-20 10:05:24 0 d-------- C:\WINDOWS\pss
    2007-06-19 18:57:40 0 d-------- C:\Program Files\Microsoft LifeCam
    2007-06-17 00:56:51 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:50 171280 --a------ C:\WINDOWS\System32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:50 139536 --a------ C:\WINDOWS\System32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:49 313856 --a------ C:\WINDOWS\System32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
    2007-06-17 00:56:49 6550 --a------ C:\WINDOWS\jautoexp.dat
    2007-06-17 00:56:37 113 --a------ C:\WINDOWS\System32\zonedon.reg
    2007-06-17 00:56:37 113 --a------ C:\WINDOWS\System32\zonedoff.reg
    2007-06-17 00:56:37 171792 --a------ C:\WINDOWS\System32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:36 286992 --a------ C:\WINDOWS\System32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:35 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:34 947472 --a------ C:\WINDOWS\System32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:33 154384 --a------ C:\WINDOWS\System32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:33 172304 --a------ C:\WINDOWS\System32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:32 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:31 404752 --a------ C:\WINDOWS\System32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:31 63248 --a------ C:\WINDOWS\System32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:30 187152 --a------ C:\WINDOWS\System32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-17 00:56:28 49424 --a------ C:\WINDOWS\System32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2007-06-15 17:40:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-06-15 17:40:46 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
    2007-06-15 10:16:25 214 --a------ C:\WINDOWS\System32\tmp.reg
    2007-06-14 18:40:47 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-06-14 17:22:37 0 d-------- C:\WINDOWS\System32\bits
    2007-06-14 17:21:04 0 d-------- C:\WINDOWS\System32\PreInstall
    2007-06-14 17:20:58 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-06-09 09:41:03 0 d-------- C:\WINDOWS\Sun
    2007-06-09 09:41:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun


    -- Find3M Report ---------------------------------------------------------------

    2007-07-09 06:37:44 0 d-------- C:\Program Files\Easy Internet signup
    2007-07-08 22:32:22 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-07-04 15:28:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-02 13:16:28 0 d-------- C:\Program Files\Messenger
    2007-07-02 11:45:11 0 d-------- C:\Program Files\Windows NT
    2007-07-02 11:45:01 0 d-------- C:\Program Files\Movie Maker
    2007-06-17 00:39:46 0 d-------- C:\Program Files\Norton AntiVirus
    2007-06-13 20:34:29 0 d-------- C:\Program Files\Common Files\Adobe
    2007-06-08 17:07:08 0 d-------- C:\Documents and Settings\Owner\Application Data\VERITAS
    2007-06-08 11:12:45 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
    2007-06-08 11:03:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
    2007-06-08 11:01:07 0 d-------- C:\Program Files\DivX
    2007-06-07 18:52:38 0 d-------- C:\Program Files\Java
    2007-06-07 05:59:50 0 d--h----- C:\Program Files\WindowsUpdate
    2007-06-07 01:43:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
    2007-06-07 00:15:46 0 d-------- C:\Program Files\Common Files\Java
    2007-06-06 23:58:08 0 d-------- C:\Program Files\MSN Messenger
    2007-06-06 23:53:28 0 d-------- C:\Program Files\Softex
    2007-06-06 23:53:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-06 23:52:10 0 d-------- C:\Program Files\Common Files\Real
    2007-06-06 23:51:35 0 d-------- C:\Documents and Settings\Owner\Application Data\interMute
    2007-06-06 23:50:37 0 d-------- C:\Program Files\AWS
    2007-06-06 23:50:00 0 d-------- C:\Program Files\Quicken
    2007-06-06 23:47:52 0 d-------- C:\Program Files\MUSICMATCH
    2007-06-06 12:29:52 0 d-------- C:\Program Files\Encarta Online
    2007-05-31 00:44:55 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-05-31 00:44:54 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-05-31 00:44:54 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-05-31 00:44:54 740442 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-04-22 18:15:29 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
    2007-04-22 18:02:34 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-04-22 18:02:34 73728 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-04-22 18:01:47 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ \0scecli\0scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="adjust"
    "hkey"="HKLM"
    "command"="c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\IcoSet\\adjust.bat seticon"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    -- End of Deckard's System Scanner: finished at 2007-07-09 at 06:41:48 ---------



    Deckard's System Scanner v20070708.52
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 1.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) CPU 2.60GHz
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 503.52 MiB / 151.16 MiB
    Pagefile Memory (total/avail): 1231.36 MiB / 970.63 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1959.51 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 107.56 GiB total, 76.54 GiB free.
    D: is Fixed (FAT32) - 4.24 GiB total, 0.7 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (UDF)


    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before install.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=COURTNEYSTACO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\COURTNEYSTACO
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PCToolsDir=C:\Documents and Settings\All Users\Start Menu\Programs\Compaq\Compaq Presario PC Tools
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=COURTNEYSTACO
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    BitLord 1.1 --> C:\Documents and Settings\Owner\My Documents\T.V Shows and Movies\BitLord\uninst.exe
    CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
    IExplorer Security Plug-in --> "C:\Program Files\Video ActiveX Access\iesunst.exe"
    Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
    Internet Explorer Secure Bar --> "C:\Program Files\Video ActiveX Access\iesbunst.exe"
    InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    KBD --> C:\HP\KBD\KBD.EXE uninstalled
    LimeWire 4.12.11 --> "C:\Documents and Settings\Owner\My Documents\My Music\LimeWire\uninstall.exe"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Messenger Service --> "C:\Program Files\Video ActiveX Access\imsunst.exe"
    Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
    Norton AntiVirus 2003 --> MsiExec.exe /I{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}
    NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
    OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
    PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
    RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
    S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
    S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
    S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
    S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
    Uninstall USB Storage RW Ver. 2.00.11.b04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}


    -- End of Deckard's System Scanner: finished at 2007-07-09 at 06:41:48 ---------
     
  10. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    Sorry for the long wait...been just swamped.

    Logs look great now...Let's do one final check.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh HijackThis log
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/591837

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice