
Solved: Get weird results when I click search results

Discussion in 'Virus & Other Malware Removal' started by Dice08, Dec 15, 2005.

Thread Status:
Not open for further replies.
  1. Dice08

    Dice08 Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    44
    Hey. Just recently I have been having this problem where when I search for something on Google, Yahoo, etc. and then click on the page I want to go to, I get a completely different page. I go to a different site each time, and for me to get to the right page I have to click back then click it again. For example, I searched for "circuit city" on Google and then clicked the Circuit City main webpage off the list of results. However, I go to a completely different website called "http://consumerincentivepromotions.com/rd_p?p=96680&c=8774-ccity250gc_emc_d6&a=2400-3sette." They are usually advertising sites too like that. I have a feeling it has something to do with a srchasst folder in my Windows folder because I have tried to delete it (knowing that it has to do with some Searchtoolbar spyware) and it keeps coming back right after I delete it. Any ideas? Here is a HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:51:17 PM, on 12/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\TEMP\EX4175.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Download Cleanup from here
    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET


    * Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update. Click the OK button and it will go to the main screen.
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Restart back into Windows normally now.


    * Run ActiveScan online virus scan here

    When the scan is finished, save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan as well as the log from the Ewido scan.
     
  3. Dice08

    Dice08 Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    44
    OK, I did everything you said and my internet seems to be working better. Here is the scan report for Ewido:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 10:34:21 PM, 12/15/2005
    + Report-Checksum: 2EC303C9

    + Scan result:

    C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\WINDOWS\system32\csfhk.exe -> Downloader.Small : Cleaned with backup
    C:\WINDOWS\system32\dmkzt.exe -> Trojan.DNSChanger.aw : Cleaned with backup
    C:\WINDOWS\system32\dzkqjd.exe -> Spyware.Adstart : Cleaned with backup
    C:\WINDOWS\system32\favset.exe -> Trojan.Favadd.an : Cleaned with backup
    C:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
    C:\WINDOWS\system32\iyojm.dll -> Spyware.Adstart : Cleaned with backup
    C:\WINDOWS\system32\iyojmd.exe -> Spyware.Adstart : Cleaned with backup
    C:\WINDOWS\system32\pppcgm.exe -> Spyware.Msnagent : Cleaned with backup
    C:\WINDOWS\system32\sphlp32.exe -> Spyware.FindSpy : Cleaned with backup


    ::Report End

    And here is the scan report for the ActiveScan:


    Incident Status Location

    Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM32\idesk.conf
    Adware:adware/sbsoft Not disinfected C:\WINDOWS\rdt.ini
    Adware:adware/ucmore Not disinfected C:\WINDOWS\ucmoreiex.exe
    Virus:Trj/DNSChanger.BD Not disinfected C:\WINDOWS\system32\hgqhp.exe
    Virus:Trj/Agent.GO Not disinfected C:\WINDOWS\system32\taskmgn.exe

    And the HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:42 PM, on 12/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\TEMP\YX81B4.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [dmkzt.exe] C:\WINDOWS\system32\dmkzt.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    ** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.

    • Open MS Anti-Spyware and click on Options > Settings.
    • Click on "Realtime Protection" in the left pane.
    • Remove the check by these:
      • Enable the Microsoft Security Agents on startup (recommended)
      • Enable real-time spyware threat protection (recommended)
    • Click "Save"
    • Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
    • Leave it disabled until we are finished here.


    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [dmkzt.exe] C:\WINDOWS\system32\dmkzt.exe



    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    C:\WINDOWS\SYSTEM32\idesk.conf

    C:\WINDOWS\rdt.ini

    C:\WINDOWS\ucmoreiex.exe

    C:\WINDOWS\system32\hgqhp.exe

    C:\WINDOWS\system32\taskmgn.exe


    Exit the Killbox.


    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.


    * Go to Control Panel > Internet Options.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.


    * Restart back into Windows normally now.


    * Run Kaspersky online virus scan here.

    When the scan is finished, Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
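
    An added example (not part of the original post and not code from any tool named in this thread): cross-referencing scanner detections against a HijackThis log, which surfaces the leftover `O4` Run entry for `dmkzt.exe` that the post above has fixed and marks processes running from a TEMP directory for review. Function names are illustrative; the sample lines are copied from the logs posted earlier in the thread.

```python
import re
from ntpath import normcase, normpath

# Sample lines copied from the reports posted in this thread (trimmed).
EWIDO_REPORT = r"""
C:\WINDOWS\system32\csfhk.exe -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\dmkzt.exe -> Trojan.DNSChanger.aw : Cleaned with backup
"""
ACTIVESCAN_REPORT = r"""
Adware:adware/ucmore Not disinfected C:\WINDOWS\ucmoreiex.exe
Virus:Trj/DNSChanger.BD Not disinfected C:\WINDOWS\system32\hgqhp.exe
"""
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\YX81B4.EXE
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmkzt.exe] C:\WINDOWS\system32\dmkzt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

EWIDO_RE = re.compile(r"^([A-Za-z]:\\.+?) -> (\S+) : .+$")
ACTIVESCAN_RE = re.compile(r"^\w+:(\S+)\s+.*?\s+([A-Za-z]:\\.+)$")
O4_RE = re.compile(r"^O4 - .+?: (?:\[[^\]]*\] |.+? = )(.+)$")

def norm(path):
    """Windows paths are case-insensitive; also collapse doubled backslashes."""
    return normcase(normpath(path.strip().strip('"')))

def parse_detections(text):
    """Map normalised file path -> detection name for both report formats."""
    found = {}
    for line in (l.strip() for l in text.splitlines()):
        m = EWIDO_RE.match(line)
        if m:
            found[norm(m.group(1))] = m.group(2)
            continue
        m = ACTIVESCAN_RE.match(line)
        if m:
            found[norm(m.group(2))] = m.group(1)
    return found

def command_target(cmd):
    """Extract the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]

def triage(hjt_log, detections):
    """Return (kind, log line, reason) for entries that need attention."""
    findings, in_procs = [], False
    for line in (l.strip() for l in hjt_log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            path = norm(line)
            if path in detections:
                findings.append(("process", line, detections[path]))
            elif "\\temp\\" in path:
                findings.append(("process", line, "runs from TEMP: review"))
        else:
            m = O4_RE.match(line)
            if m and norm(command_target(m.group(1))) in detections:
                reason = detections[norm(command_target(m.group(1)))]
                findings.append(("autorun", line, reason))
    return findings

if __name__ == "__main__":
    hits = parse_detections(EWIDO_REPORT + ACTIVESCAN_REPORT)
    for kind, item, reason in triage(HIJACKTHIS_LOG, hits):
        print(f"{kind:8} {item}  <- {reason}")
```

    A TEMP hit is only a prompt to inspect the file, not a verdict on it.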
     
  5. Dice08

    Dice08 Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    44
    Here's the Kaspersky Scan:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, December 16, 2005 13:42:26
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 16/12/2005
    Kaspersky Anti-Virus database records: 155552
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 37198
    Number of viruses found: 6
    Number of infected objects: 31
    Number of suspicious objects: 0
    Duration of the scan process: 3631 sec

    Infected Object Name - Virus Name
    C:\!Submit\taskmgn.exe Infected: Trojan.Win32.Agent.i
    C:\System Volume Information\_restore{CC596F3B-0B7F-47AB-8F98-56F6CA2A65F8}\RP5\A0001186.hta Infected: Trojan-Dropper.VBS.gen
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP161\A0041391.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP161\A0041399.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP162\A0041616.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP162\A0041620.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0041875.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0041879.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0042111.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0042115.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0042171.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP164\A0042175.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP165\A0042180.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP165\A0042188.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP166\A0042266.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP166\A0043266.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP166\A0043270.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP167\A0043473.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP167\A0044473.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP167\A0045473.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP167\A0045477.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP169\A0045741.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP169\A0045781.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP169\A0045785.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0046777.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0047780.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0048781.exe Infected: Trojan-Downloader.Win32.Agent.uj
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0048782.exe Infected: Trojan.Win32.DNSChanger.aw
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0048784.exe Infected: Trojan.Win32.Favadd.an
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0048785.exe Infected: Trojan.Win32.Small.gq
    C:\System Volume Information\_restore{F33743F1-55B2-4F91-BB29-5510CA09D8BD}\RP170\A0050782.exe Infected: Trojan.Win32.Agent.i

    Scan process completed.

    And the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:44:44 PM, on 12/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\NH6C60.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Go to the forum here and upload the C:\Windows\TEMP\NH6C60.EXE file.

    Here are the directions for uploading the file:

    Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.

    Don't forget to post a link to your thread here.
     
  7. Dice08

    Dice08 Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    44
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You're clean now then. (y)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I guess I should have asked if everything was ok first. Is everything OK now?
     
  10. Dice08

    Dice08 Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    44
    Yeah the internet problem seems to be fixed. Thanks a bunch.
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My Pleasure! :)
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Since this problem has been solved, I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     

Short URL to this thread: https://techguy.org/425174
