Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Solved: Please help- computer infected

2K views 18 replies 2 participants last post by  cybertech 
#1 ·
Hello all,

My computer looks to be infected with all sorts of stuuf, but I'm afraid I don't know enough about PCs to describe it very well!

I have run the hijack log thing and this is what it gives, if anyone can help, I would appreciate it very much!

Thanks,

belinda

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:38, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\program files\Mastercare\hscupdate\HSCTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [HSCUpdate] "c:\program files\Mastercare\hscupdate\HSCTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\SpywareBot\SpywareBot.exe" -boot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Power2Go Express.lnk = C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: STA-AP.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F73A7FF-337B-4CC3-BECA-6A54DF834730}: NameServer = 195.10.102.11 195.10.102.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.gov.im/lib/images/iomfinance/landscapes/maughold.jpg
O24 - Desktop Component 3: Security - C:\DOCUME~1\Paul\LOCALS~1\Temp\desktop.htm

--
End of file - 11776 bytes
 
See less See more
#3 ·
Hi there!

I think there's something up because the CPU is running relly fast (fan is always on and it sometimes shows 60-100% usage, even when nothing is running.

Also , some USB stuff I have lieka web cam has stopped working.

And...in the processes log (when I hit Ctrl Alt and Del) there are 101+ .exe files running.

In short, it's screwed!!

Can something be in here that wouldn't show on the log?

Thanks for the reply!

bindi
 
#4 ·
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group click ALL
  • In the Win32 Services group click ALL
  • In the Driver Services group click ALL
  • In the Registry group click ALL
  • In the Files Created Within group click 60 days Make sure Non-Microsoft only is UNCHECKED
  • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is UNCHECKED
  • In the File String Search group select ALL
  • in the Additional scans sections please press select ALL
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please post the resulting log here as an attachment.

  • Click on the orange Post a Reply! button
  • scroll down to Manage Attachments
  • Click in the box that says Upload File from your Computer
  • Click the Browse... button and find the file then click open
  • Click the Upload button
  • Wait until you see Current Attachment and your file name
  • Click on Close this window
  • Then submit the reply.
 
#6 ·
I see a lot of errors related to your CDRom so if you have something in there that you are not using take it out.

Is your McAfee up to date?

Go to Add/Remove Programs and remove these:
Kazaa
BitTorrent 4.2.1
SpywareBot
Hijackthis 1.99.1


Run HJT again and put a check in the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all applications and browser windows before you click "fix checked".

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

QuickTime Task qttask.exe

TkBellExe realsched.exe

UpdReg UpdReg.EXE

Click Apply - OK afterwards, then reboot. When the SCU window appears during reboot, ignore the message. Place a checkmark in the window, then click OK.

Let me know if that helps or what you find related to my questions.

I don't see any signs of infection or malware.
 
#7 ·
hi again.

yeah- there was a CD in the drive, which I have taken out.

Deleted Bittorrent and hijackthis, but teh other two (Kazaa and SpywareBot weren't on the list in Add/Remove programs [howecer, I saw that Sptware Bot was on the STARTUP tab when I typed MSCONFIG]).

i just bought McAfee v8 last week, which is showing up nothing.

Have done everything as instructed. After booting up, I pressed Ctrl, Alt+Del, and there were 57 processes running in that tab. Is that normal?? All .exe files, but- whie I'm typing this- only Notepad open.

Also, if I press Ctrl + Tab, there is a mysterious program running, but it looks to be in the background. It only shows up as a small grey rectangle on the screen. CPU running at 50% at the moment...

Please advise.

Thanks,

bindi
 
#8 ·
57 processes sounds reasonable.

I'm curious about the grey box...

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 
#9 ·
hi- here are the 2 logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2007 at 10:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 02:47:38

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 6926
Registry threats detected : 4
File items scanned : 95167
File threats detected : 89

Adware.Tracking Cookie
C:\Documents and Settings\Paul\Cookies\paul@imrworldwide[2].txt
C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt

Adware.ZToolbar
C:\WINDOWS\system32\azebar.xml

Browser Hijacker.Favorites
C:\Documents and Settings\Paul\Favorites\Favorites\Cars.url
C:\Documents and Settings\Paul\Favorites\Favorites\Domain Names.url
C:\Documents and Settings\Paul\Favorites\Favorites\Finance.url
C:\Documents and Settings\Paul\Favorites\Favorites\Games.url
C:\Documents and Settings\Paul\Favorites\Favorites\Humor.url
C:\Documents and Settings\Paul\Favorites\Favorites\Movies.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Albums.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Artists.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\AudioBooks.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Collections.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Mp3 Search.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\New releases.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Ratings.url
C:\Documents and Settings\Paul\Favorites\Favorites\Music and Movies\Soundtracks.url
C:\Documents and Settings\Paul\Favorites\Favorites\Online Pharmacy.url
C:\Documents and Settings\Paul\Favorites\Favorites\Sex Personals.url
C:\Documents and Settings\Paul\Favorites\Favorites\Sports.url
C:\Documents and Settings\Paul\Favorites\Favorites\Spyware Removers
C:\Documents and Settings\Paul\Favorites\Favorites\Spyware Removers\Raze Spyware.url
C:\Documents and Settings\Paul\Favorites\Favorites\Spyware Removers\Reg Freeze.url
C:\Documents and Settings\Paul\Favorites\Favorites\Viagra.url
C:\Documents and Settings\Paul\Favorites\Favorites\Weather.url
C:\Documents and Settings\Paul\Favorites\Favorites\Web Hosting.url
C:\Documents and Settings\Paul\Favorites\Games\Carnival Casino.url
C:\Documents and Settings\Paul\Favorites\Games\Club Dice Casino.url
C:\Documents and Settings\Paul\Favorites\Games\New York Casino.url
C:\Documents and Settings\Paul\Favorites\Games\USA Casino.url
C:\Documents and Settings\Paul\Favorites\Games\You Bingo.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Aces & Faces.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Baccarat.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Black Jack.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Caribbean Poker.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Casino War.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Cinerama.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Craps.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Deuces Wild.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Diamond Valley.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Fruit Mania.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Gold Rally.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Jacks or Better.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Magic Slots.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Mega Jacks.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Pai Gow Poker.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Red Dog Poker.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Roulette.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\SafeCracer.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Sic Bo.url
C:\Documents and Settings\Paul\Favorites\Games\Gambling\Wall St. Fever.url
C:\Documents and Settings\Paul\Favorites\Games\Monaco Gold Casino.url
C:\Documents and Settings\Paul\Favorites\Travel\Adventure Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Air Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Business Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Discount Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Food.url
C:\Documents and Settings\Paul\Favorites\Travel\Hawaii Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Lodging.url
C:\Documents and Settings\Paul\Favorites\Travel\London Travel.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel Agent.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel Insurance.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel package.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel Reservation.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel Spain.url
C:\Documents and Settings\Paul\Favorites\Travel\Travel Web site.url
C:\Documents and Settings\Paul\Favorites\Travel\Vacation Cruises.url
C:\Documents and Settings\Paul\Favorites\Travel\Vacations.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Carisoprodol.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Celebrex.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Cialis.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Crestor.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Levitra.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Lipitor.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Neurontin.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Online Pharmacy.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Paxil.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Phentermine.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Tramadol.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Water Phentermine.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Xanax.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Zocor.url
C:\Documents and Settings\Paul\Favorites\Pharmacy\Zoloft.url
C:\Documents and Settings\Paul\Favorites\Pharmacy

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-203771874-1434494221-4040243682-1007\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Unclassified.SpywareBot (Not A Threat)
HKU\S-1-5-21-203771874-1434494221-4040243682-1007\Software\SpywareBot
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ "C:\Program Files\SpywareBot\SpywareBot.exe" -boot ]

Adware.TrustInCash
C:\WINDOWS\ADULT.ICO
C:\WINDOWS\CASINO.ICO
C:\WINDOWS\SPYWAREREMOVAL.ICO

Adware.Unknown Origin
C:\WINDOWS\SHOPPING.ICO

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:43, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\program files\Mastercare\hscupdate\HSCTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [HSCUpdate] "c:\program files\Mastercare\hscupdate\HSCTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" /startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Power2Go Express.lnk = C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: STA-AP.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O15 - Trusted Zone: *.beatport.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F73A7FF-337B-4CC3-BECA-6A54DF834730}: NameServer = 195.10.102.11 195.10.102.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.gov.im/lib/images/iomfinance/landscapes/maughold.jpg
O24 - Desktop Component 3: Security - C:\DOCUME~1\Paul\LOCALS~1\Temp\desktop.htm

--
End of file - 11523 bytes

thanks a million!

bindi
 
#12 ·
Must have been.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.

It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Here are some additional links for you to check out to help you with your computer security.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools
 
#13 ·
Hi.

Sorry, I was a bit quick in saying that the grey box had gone. It is back.

It shows no sign of running on the taskbar or in Task Manager, but pressing Ctrl + Tab to cycle through running programs reveals that something is there.

CPU usage was running at 100% about 5 minutes ago.

Is there something else that could be used to blast this thing?

Thanks,

bindi
 
#15 ·
I will do, however annoyingly, it has not appeared for a couple of days. I am beninning to develop one of those irrational beliefs that the computer is out to get me. CPU often still running at 100%.

As soon as it makes an appearance, I'll print screen and send it over.

Cheers,

bindi
 
#19 ·
See if you can post it here as an attachment.

  • Click on the orange Post a Reply! button
  • scroll down to Manage Attachments
  • Click in the box that says Upload File from your Computer
  • Click the Browse... button and find the file then click open
  • Click the Upload button
  • Wait until you see Current Attachment and your file name
  • Click on Close this window
  • Then submit the reply.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top