1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

search engine hijack

Discussion in 'All Other Software' started by macknite, Jan 31, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    Hi, I am having problems with my google and other search engines. When I commence a search and click on any answer I am taken to another search engine. This is happening continously. Various search engines are apppearing. NOt any recommended ones. I have run anti-virus and anti spyware programmes, but its still there. I have Armour wall anti-spyware and Avira anti-virus running. Any ideas. Thanks:
     
  2. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, This is the first step:

    go to Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


    Also, like to see this list- include it in your reply.

    Open Hijack This and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.
     
  3. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    HI BYTEMAN, appreciate your help. Log file to follow. Will await your advise. Thanks again.


    Logfile of HijackThis v1.99.1
    Scan saved at 5:54:54 PM, on 2/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\ArmorWall Personal Firewall\PopUpKiller.dll
    O2 - BHO: (no name) - {BCC2FA3B-DF3D-5FC8-D23D-F52CDCEB8480} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [EvidenceEraser] C:\Program Files\EvidenceEraser\EvidenceEraser.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O16 - DPF: Ulster Bank AnyTime - https://anytime2.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159622478781
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21F43399-B5B8-4B4F-BC70-3847B4E20AEC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DBCF6C9-481B-4B21-9698-9211919AC0FC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  4. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    BYTEMAN,

    log file from "Open Uninstall Manager"

    Logfile of HijackThis v1.99.1
    Scan saved at 5:54:54 PM, on 2/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\ArmorWall Personal Firewall\PopUpKiller.dll
    O2 - BHO: (no name) - {BCC2FA3B-DF3D-5FC8-D23D-F52CDCEB8480} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup Trial\compind.bat
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [EvidenceEraser] C:\Program Files\EvidenceEraser\EvidenceEraser.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armorwall personal firewall\netdog.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O16 - DPF: Ulster Bank AnyTime - https://anytime2.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159622478781
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21F43399-B5B8-4B4F-BC70-3847B4E20AEC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DBCF6C9-481B-4B21-9698-9211919AC0FC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  5. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, Try again- you did get two Hijackthis logs, need Uninstall list. Betcha you had the HJT log on the clipboard, went to grab the Uninstall list, and forget to hit "Copy" before Pasting. If I had a buck for every time it's happened to me.....

    Here's the steps again> Open Hijack This and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.
     
  6. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, You are using two antivirus programs at the same time I think, AntiVir and ClamWin...... I may be wrong but you should have one or the other set to run in the background, and one to not be running when Windows is....choose one and turn the other one off using it's settings in the respective program.



    You have some software installed that has set up Restrictions for Internet Explorer, if you know what one, temporarily turn it off just before you run Fix Wareout.... It might be ArmorAll firewall.

    PCConfidential perhaps- I've never heard of this one?



    These two items in HJT log show what I mean: (No, do not fix them yet!)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present




    Download >

    http://downloads.subratam.org/Fixwareout.exe

    Right-click on the above link, save it to your desktop, and click on it to run the application. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.


    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    5. When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Close Hijack This, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again


    Finally, please post the contents of the logfile C:\fixwareout\report.txt

    Next: You have to check some networking settings:

    If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

    Double-click the Network Connections icon
    Right-click the Local Area Connection icon and select Properties.
    Higlight Internet Protocol (TCP/IP) and click the Properties button.
    Be sure Obtain DNS server address automatically is selected.
    OK your way out.

    * Go to Start > Run and type in cmd
    Click OK.
    This will open a command prompt.
    Type or copy and paste the following line in the command window:

    Note there IS ONE SPACE after the "g"
    ipconfig /flushdns

    Hit Enter.
    Exit the command window.

    Restart your computer.

    If there is any connection problem, go through the steps above once more, this thing likes to put itself back....scan with HJT, if you see the items we removed back, fix them again with all windows CLOSED, even this one....then, check the DNS address and set to obtain automatically etc as before.....restart as before.

    Note: The entries mentioned above, will show like this if they return in a new Hijackthis scan:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{21F43399-B5B8-4B4F-BC70-3847B4E20AEC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DBCF6C9-481B-4B21-9698-9211919AC0FC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109

    Next:


    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a new Hijack This log.
     
  7. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    Hi Byteman, thanks again for all your help. I tried to do as you suggested and run Fixwareout.exe but its not working. Probably because of something I have installed previously.

    This is whats happening......... saved Fixwareout.exe. to desktop. When I launch Im getting this black window screen

    C:\Windows\System32\cmd.exe
    with script....This batch will remove wareout, killNc Lean

    SpyMarshall and UnSpyPc from your system

    use at your own risk

    press any key to continue..........when I do >>>>>>>>>I get the following

    ---------------------------------------
    I then get the Notepad.txt window

    script............check for missing files

    c\windows\system32\autoexe.nt not there



    Not sure whats missing???
     
  8. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, Try booting up in Safe Mode with Networking and run FixWareout.

    (I think a new download might help, too, so do that)


    http://downloads.subratam.org/Fixwareout.exe

    Right-click on the above link, save it to your desktop, and click on it to run the application. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.


    To get to the right mode, shut down totally first.

    Wait 20 seconds or so, and push Power switch to restart....start tapping the F8 key as you usually would to get to Safe Mode, but move the selection line down to "Safe Mode with Networking" and hit the Enter key.

    This mode allows Internet access, but less activity in case some software is preventing it from scripting.

    There may be a program you have installed, taht blocks scripts?
     
  9. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, Just got some help from MFDnSC who gave me this:

    http://www.visualtour.com/downloads/

    Scroll down to "XPFix" download and run, then try Wareout again.

    Might not have to go to Safe with Networking, either.
     
  10. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    Hi Byteman,

    the folowing is the file log after I ran Fixwareout.
    Just to let you know...I ran the Avira anti-virus BEFORE I installed Http;//downloads.subratam.org/Fixwareout.exe,
    and after...the following trojan was detected

    Tr/Dldr.Agent.63270

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

    The system cannot find the file specified.


    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "Excite Private Messenger Pipe"="C:\\Program Files\\Excite\\PrvtMsgr\\bin\\x8IMPipe.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "errorkiller"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Cleanup"="C:\\Program Files\\Complete Cleanup Trial\\compind.bat"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BestPopUpKiller"="C:\\Program Files\\BestPopUpKiller\\BestPopupKiller.exe /startup"

    "ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"

    "EvidenceEraser"="C:\\Program Files\\EvidenceEraser\\EvidenceEraser.exe"

    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
     
  11. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, See if ErrorKiller appears in Add/remove Programs, Uninstall if it is. The uninstaller may not work, just continue....

    This small free utility may help you see what is installed that is bad:

    http://rogueremover.en.softonic.com/ie/57536

    Would be nice to see if ErrorKiller was detected, or not, as there is some difference of opinion about it.

    Also, you never posted the Uninstall list I asked for at the beginning...

    Open Hijack This and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.



    Post a brand new Hijackthis log, the Uninstall list, and whatever else you find when you run RogueRemover....it looks it will be two at least>
     
  12. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    Hi Byteman. Had a very unerving experience when I ran <http://roguemover.ensoftonic.com/ie/57536>

    When the log file appeared, I quickly scanned the results and as you had suggested, error killer appeared along with other such programs. Nothing else, particularly nothing that looked like it should not be deleted. Anyway I deleted the files, and immediately lost all my connections. All internet Explorer Browser files were deleted. So for the last few days I have had no Internet connection. Tried everything including reconnectiing my modem etc. Eventually I was able to get a connection with the help of my service provider and removed the old Explore files and re-launched Explore 7. So its looks like Im ok again. Might be helpful to mention when suggesting to anyone to launch The above programme ..NOT TO DELETE ANYTHING.. until they check back with you. I should have !!!
     
  13. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, Sorry you did that- is the log still available- I'd like to see it.

    Don't run the tool again to make one, just the old log if you still have it.
    Weren't you given any choice to delete files...or not?
    I can't fathom why it would remove IE files.

    Anyway, post a new Hijackthis log, and don't fix anything without help!
     
  14. macknite

    macknite Thread Starter

    Joined:
    Mar 9, 2006
    Messages:
    51
    Hi again,
    Yes when I ran "roguemover" it did give me an option to delete or not, but when I checked the files listed and saw nothing remotely dangerous I regretably deleted everything......but anyway everything seems to be ok now...fingers crossed. Many thanks again for all your time and help.....will go and donate. Were lucky to have this site and the expert help.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:32:06 PM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Excite Private Messenger Pipe] C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [EvidenceEraser] C:\Program Files\EvidenceEraser\EvidenceEraser.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RWC_CLR_DAT] C:\Program Files\R-Wipe&Clean\RWipeRun.exe /CLEAR-INDEXES /COOK /TIF /HIST
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\armor2net\armorwall personal firewall\netdog.dll' missing
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O16 - DPF: Ulster Bank AnyTime - https://anytime2.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159622478781
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21F43399-B5B8-4B4F-BC70-3847B4E20AEC}: NameServer = 85.255.114.29,85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DBCF6C9-481B-4B21-9698-9211919AC0FC}: NameServer = 192.111.39.1,192.111.39.4
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.29 85.255.112.109
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: R-Wipe and Clean Assistant - Unknown owner - C:\Program Files\R-Wipe&Clean\RwcNtSrv.exe
     
  15. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, You still have the Wareout infection. I think there is someone here who can help.....this infection can get things pretty screwed up if you don't take care of it. Probably was a reason your IE got messed up....
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/540030