1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: system infected with spyware/virus/trojans

Discussion in 'Virus & Other Malware Removal' started by dinok159, Jul 1, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. dinok159

    dinok159 Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    5
    Hi All,

    I wish i was writing under happier cirumstances but unfortuntaely I am not. Since last night system has been taken over by various pop ups for the following: drivecleaner, privacy protector, helpyourpcnow, winantiviruspro, amaena.com, systemdoctor etc.

    I have installed and run spyware dcotor with anti virus which seems to pick them up, but when I reboot, everything is back again. I have attatched a spyware doctor report and also the hijack this report is below.

    I hope someone can help!

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:13:11 PM, on 7/1/2007
    Platform: Windows XP (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\MSTMON_S.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\David\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\system32\cscript.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.bbc.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\System32\MSTMON_S.EXE STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - http://affiliates.bookmaker.com/Iovation/StmOCXiovation.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O21 - SSODL: msole - {DC9709F3-7662-439F-B0A8-AEFB5B4DC98E} - C:\WINDOWS\msole.dll
    O21 - SSODL: msdde - {F63565C4-ABDB-41CC-80C8-DB5F95EC5A8C} - C:\WINDOWS\msdde.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe

    --
    End of file - 7130 bytes
     

    Attached Files:

  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    ================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. dinok159

    dinok159 Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    5
    Hi, thanks for replying,

    Before I follow your instruction, I noticed on another post you said that one guts problem could be that he was running more than 1 AV, I'm only running one AV, but in my feeble efforts to try and solve this I have x3 spyware software set up, is this a problem?
     
  4. dinok159

    dinok159 Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    5
    Hi there,

    I've done this 1st bit, here are the files. The dodgy icons have gobe from my desktop

    SD Fix Report:

    SDFix: Version 1.88

    Run by David on Sun 07/01/2007 at 07:55 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\Documents and Settings\David\Desktop\Error Cleaner.url - Deleted
    C:\Documents and Settings\David\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\David\Desktop\Privacy Protector.url - Deleted
    C:\Documents and Settings\David\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\David\Desktop\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\David\Favorites\Spyware&Malware Protection.url - Deleted
    C:\WINDOWS\avp.exe - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\ddesupport.dll - Deleted
    C:\WINDOWS\main_uninstaller.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted
    C:\WINDOWS\msdde.dll - Deleted
    C:\WINDOWS\msole.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted



    Removing Temp Files...

    ADS Check:

    Checking C:\WINDOWS
    C:\WINDOWS
    No streams found.

    Checking C:\WINDOWS\system32
    C:\WINDOWS\system32
    No streams found.

    Checking C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Checking C:\WINDOWS\system32\ntoskrnl.exe
    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Listing Files with Hidden Attributes:

    C:\Documents and Settings\David\NetHood\travelinsurance on www.moneysupermarket.com\Desktop.ini
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe

    Listing User Accounts:


    Administrator David Guest
    HelpAssistant SUPPORT_388945a0


    Finished


    HJT report:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 8:02:18 PM, on 7/1/2007Platform: Windows XP (WinNT 5.01.2600)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Spyware Doctor\svcntaux.exeC:\Program Files\Spyware Doctor\swdsvc.exeC:\Program Files\Spyware Doctor\SDTrayApp.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exeC:\WINDOWS\System32\wbem\wmiprvse.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\System32\MSTMON_S.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Documents and Settings\David\Desktop\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bbc.co.ukR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.bbc.co.ukO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\System32\MSTMON_S.EXE STARTUPO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exeO4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cabO16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - http://affiliates.bookmaker.com/Iovation/StmOCXiovation.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cabO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe --End of file - 6579 bytesLoading... No message is selected
    Click any message to view it in the reading pane. Attachments, pictures, and links from unknown senders are blocked to help protect your privacy and safety.

    To show messages automatically when you select a folder, change your reading pane settings
    1 message is selected
    Mark as safe | Mark as unsafe
    Show Cc & Bcc From: To...
    To...
    Cc...
    Cc...
    Bcc...
    Bcc...
    Subject:

    Attachments:

    Your sent message won't be saved. Save sent messages
    Scanning & uploading More information | Cancel
    Message body
    Loading... To add photos to your message, first click on the folder where they are stored. Select the photos you'd like to add, and then click Upload Now. Your photos will be reduced in size so they are at most 600 pixels wide or tall. To send full-size photos, click Cancel and use Attach Files.
    Import contacts
    Multiple contacts are selected.Hi, andrew!Sunday, July 1

    Mailbox usage: 1% of 2 GB Get newsletters You're using the full version of Windows Live Hotmail.
    Click here to try the classic version, which is good for slow connections.
    MSN TodayRecent updatesHoe, Hoe, Hoe
    It's hardly the weather for actual gardening, so why not try a spot of virtual horticulture? This ace sim game allows you to grow, tend and sell your own!
    Also on MSN Today

    Ogre and out: why third Shrek film should be the last
    From Lara to Lemmings: the greatest gaming icons
    The Simpsons Movie: should they have bothered?
    Reasons 40 has become the new 30
    Fib or fab: unlikely weight-loss wonder trends
    Butt Out
    That's it. From today smoking is illegal in almost every enclosed public space - more than enough reason, for those afflicted by the habit, to quit the weed for good.
    Newsletters and featured offers
    Get the latest right to your inbox!
    Manage your subscriptions
    Contacts
    Recently updated contacts (0)
    You have no contacts.
    Click here to add contacts.
    Spaces
    Recently updated spaces (0)
    You have no contacts.
    Click here to add contacts.

    Contacts
    Contacts
    Find messages with this subject (in all folders):
    Find messages with this sender (in all folders):
    Find Reading pane settings
    Right
    Bottom
    Off
    Sort contacts
    Last, First
    First Last
    Last, First (Company)
    Company (Last, First)
    Import contacts
    Export contacts
    Themes
    Windows Live
    Blue
    Red
    Black
    Silver
    Pink
    Green
    Purple
    Orange
    Turn-off Tips
    Re-activate Tips
    © 2007 Microsoft
    Legal
    Send us feedback
    More options...Rename folder...
    Delete folder
    Empty folder
    New folder...Message...
    Folder...
    Contact...
    Group...Reply
    Reply all
    Forward
    Mark as read
    Mark as unread
    Delete
    Junk
    Print
    View source[New folder...]
    Inbox
    Junk
    Drafts
    Sent
    DeletedSort by
    Date
    From
    Subject
    Size
    Show only messages
    With subject...
    From sender...
    With attachmentsFile
    PhotoSpell check on
    Spell check offE-mail group
    Rename group
    Delete group
    New group...[New group...]


    cheers for this.
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Keep going - do SAS and then post its log and a new HiJack log
     
  6. dinok159

    dinok159 Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    5
    ok, boss. here we go:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/01/2007 at 09:21 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3263
    Trace Rules Database Version: 1274

    Scan type : Complete Scan
    Total Scan Time : 00:52:37

    Memory items scanned : 378
    Memory threats detected : 0
    Registry items scanned : 4303
    Registry threats detected : 37
    File items scanned : 42108
    File threats detected : 39

    Adware.Tracking Cookie
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][3].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][3].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][3].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt
    C:\Documents and Settings\David\Cookies\[email protected][1].txt
    C:\Documents and Settings\David\Cookies\[email protected][2].txt

    Trojan.VideoCach/Gen
    HKCR\NewMediaCodec.VideoSupport
    HKCR\NewMediaCodec.VideoSupport\CLSID
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Control
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32#ThreadingModel
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus\1
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ProgID
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ToolboxBitmap32
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\TypeLib
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Version
    HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}
    HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}\InprocServer32
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0\win32
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\FLAGS
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\HELPDIR
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid32
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib#Version
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid32
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#uninstallString

    Adware.TradeDoubler
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP265\A0041698.LNK

    Trojan.Downloader-Gen/AVP
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0070535.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071603.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071612.EXE

    Desktop Hijacker.AboutYourPrivacy
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071607.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071608.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071616.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4D1CC9C9-F909-433B-9FB4-B890CBCC40CC}\RP312\A0071617.DLL


    HJT:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:28:15 PM, on 7/1/2007
    Platform: Windows XP (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\MSTMON_S.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe
    C:\Documents and Settings\David\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.bbc.co.uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\System32\MSTMON_S.EXE STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - http://affiliates.bookmaker.com/Iovation/StmOCXiovation.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe

    --
    End of file - 6814 bytes

    fingers crossed
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  8. dinok159

    dinok159 Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    5
    seems ok now. didn't take a restore point but all looks good with no pop ups and icons gone and home page stays the same.

    I will let you know if anything else happens, but fixed for now!!

    thanks very much for your time and effort.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You want to do the restore point things so that the infected points a cleared out and a new clean one is set.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/590536

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice