Can someone take a look at this. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:23 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WPC54GR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: WPC54GRSVC - GEMTEKS - C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WLService.exe

--
End of file - 4829 bytes
hi, at a glance log looks ok. you have SP2, you should be using Int. explorer 7.0. i don't see a resident anti-malware app in the log and a hjt log doesn't show all and every malware - you should get at least one unless you practice safe-hex and have locked down your machine. I will check out those O15 items, looks like the configuration in IE is not right.

echoreply
There ARE problems in his log. Taking a glance at it is not enough to judge if a log is alright or not. You have to do close research on every suspicious entry. If you have not been trained in malware removal, please do NOT give malware advice. Doing so without sufficient knowledge can cause problems to other people's computers.

Yes, you are right about the O15 entries, they are not the right configuration. This is most likely caused by hidden malware on the computer. Thanks for your understanding.

Hey poofs,

Please wait for my reply, do NOT fix any entry or download any tools during this while. Thanks for your patience.

~Ltangel~
Hey poofs,

Please read the entire instructions before commencing. If there is anything you don't understand, feel free to ask. It would be best if you can print out the instructions as we may need to reboot in between the fix.

--------------------------------------------------------------------
Run Combofix

Let's run ComboFix.

Disable your AVG antivirus as that will prevent ComboFix from working. Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield (it will let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated every day.

Disconnect from the Internet while running ComboFix.

Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

1. Download this file - combofix.exe to your Desktop.
   Note: It is important that it is saved directly to your desktop
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Do NOT run ComboFix more than once.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Do not run Combofix more than once.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
Combofix should never take more than 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.

--------------------------------------------------------------------
In your next reply, please include:
Fresh HijackThis log
C:/ComboFix.txt

Go!

~Ltangel~
hi poofs, if you haven't gotten an antimalware app yet i suggest one of these to download, install, update and scan with. if problems remain then yes the suggestion to see what combofix can dig up is a good one.

avg antispyware: http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=asf
superantispyware: http://www.superantispyware.com/
spybot search and destroy: http://www.safer-networking.org/index2.html

echoreply
Thanks guys for your help. I really appreciate the fact that you guys were willing to help me. I had a lot of trouble downloading the file because IE doesn't want to download almost anything(?). Ltangel here's what you requested

ComboFix 08-02-22.3 - ThinkPad 02/22/2008 20:40:10.1 - NTFSx86
Running from: C:\Documents and Settings\TEMP\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ss.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 04:09 --------- d-----w C:\DOCUME~1\TEMP\APPLIC~1\AVG7
2008-02-22 06:49 --------- d-----w C:\Program Files\Trend Micro
2008-02-22 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-22 05:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-22 05:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-22 05:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-22 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-22 05:13 --------- d-----w C:\Program Files\Google
2008-02-22 05:06 --------- d-----w C:\Program Files\Symantec
2008-02-22 05:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-22 04:48 --------- d-----w C:\Program Files\CCleaner
2008-02-18 03:44 --------- d-----w C:\Program Files\VS Revo Group
2008-02-14 03:50 --------- d-----w C:\DOCUME~1\TEMP\APPLIC~1\yahoo!
2008-02-14 03:42 --------- d-----w C:\DOCUME~1\TEMP\APPLIC~1\MySpace
2008-02-10 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-10 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-10 08:05 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 08:18 --------- d-----w C:\Program Files\MySpace
2007-12-28 23:38 --------- d-----w C:\Program Files\LimeWire
2007-12-02 03:36 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [08/03/2004 04:56 PM 82432 C:\WINDOWS\system32\tp4mon.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"SRFirstRun"="srclient.dll" [08/03/2004 11:56 PM 67584 C:\WINDOWS\system32\srclient.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/21/2008 09:29 PM 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 05:47 PM 8720384]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [02/21/2008 09:29 PM 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exexpsp2res.dll,-22019
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 20:41:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 02/22/2008 20:43:03
ComboFix-quarantined-files.txt 2008-02-23 04:42:35
.
2008-02-14 03:15:19
--- E O F ---

here's the other

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:39 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WLService.exe
C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WPC54GR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: WPC54GRSVC - GEMTEKS - C:\Program Files\Wireless-G Notebook Adapter with RangeBooster\WLService.exe

--
End of file - 4807 bytes
Hey poofs,

Please read the entire instructions before commencing them. It's best that you print out the instructions for later reference as we may need to reboot in between the fix.

Your ComboFix log looks alright. Let's run some scanning tools to see what we can remove.

Scan with SUPERAntispyware

1. Download and install SUPERAntiSpyware and double-click the icon on your desktop to run it.
2. It will ask if you want to update the program definitions, click Yes.
3. Under Configuration and Preferences, click the Preferences button.
4. Click the Scanning Control tab.
5. Under Scanner Options make sure the following are checked:
   * Close browsers before scanning
   * Scan for tracking cookies
   * Terminate memory threats before quarantining.
   * Please leave the others unchecked.
6. Click the Close button to leave the control center screen.
7. On the main screen, under Scan for Harmful Software click Scan your computer.
8. On the left check C:\Fixed Drive.
9. On the right, under Complete Scan, choose Perform Complete Scan.
10. Click Next to start the scan. Please be patient while it scans your computer.
11. After the scan is complete a summary box will appear. Click OK.
12. Make sure everything in the white box has a check next to it, then click Next.
13. It will quarantine what it found and if it asks if you want to reboot, click Yes.
14. To retrieve the removal information for me please do the following:
   * After reboot, double-click the SUPERAntispyware icon on your desktop.
   * Click Preferences. Click the Statistics/Logs tab.
   * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
   * It will open in your default text editor (such as Notepad/Wordpad).
   * Please highlight everything in the notepad, then right-click and choose copy.
15. Click close and close again to exit the program.
16. Save the log information on your desktop. If needed (still infected) paste this info along with your HijackThis log.

-------------------------------------------------------------------
Fix entries with HJT

Please open HijackThis and "Do a system scan only". Put a check on the entries below:

R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Close all windows/browsers and then click "Fix checked". Close HJT.

Now please go into the Add/Remove programs in Control panel and remove the following program:

LimeWire

The reason I'm asking you to remove LimeWire is that it is a P2P program that makes your computer vulnerable to infections.

--------------------------------------------------------------------
Clean your temporary files

Download ATF Cleaner.

* Double-click ATF-Cleaner.exe.
* Under Main tab choose "Select All".
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox and choose Select All
* Click the Empty Selected button.

If you use Opera browser
* Click Opera at the top and choose Select All
* Click the Empty Selected button.

Click Exit to close the program.

--------------------------------------------------------------------
In your next reply, please include:
Fresh HijackThis log
SUPERAntiSpyware Scan log
Description of how your PC is doing (Any abnormal/suspicious programs running)

Go!

~Ltangel~
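Added example, not part of the original posts: a small Python triage script that splits a HijackThis log into entries (it also handles a log pasted as one run-together line) and reports the R3 and O15 ProtocolDefaults entries listed in the reply above. The function names `parse_hjt` and `triage` are illustrative, and the sample lines are copied from the log posted in this thread.

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"

# An entry runs from its code up to the next code, the "-- End of file"
# trailer, or the end of the input, so flattened pastes still split correctly.
ENTRY = re.compile(
    rf"(?<!\S)({CODE}) - (.*?)(?=\s+{CODE} - |\s+-- End of file|\s*\Z)", re.S)

O15 = re.compile(r"ProtocolDefaults: '([^']+)' protocol is in (.+?) Zone, "
                 r"should be (.+?) Zone")

# Sample entries copied from the log posted in this thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
-- End of file - 4829 bytes
"""

# The same entries run together on one line, as forum software often leaves them.
FLATTENED = " ".join(SAMPLE.splitlines())


def parse_hjt(text):
    """Return (code, body) pairs; whitespace inside a body is collapsed."""
    return [(m.group(1), " ".join(m.group(2).split()))
            for m in ENTRY.finditer(text)]


def triage(entries):
    """Report a missing URLSearchHook (R3) and protocol/zone mismatches (O15)."""
    findings = []
    for code, body in entries:
        if code == "R3" and "URLSearchHook is missing" in body:
            findings.append({"code": code,
                             "issue": "default URLSearchHook missing"})
        elif code == "O15":
            m = O15.search(body)
            if m and m.group(2) != m.group(3):
                findings.append({"code": code, "protocol": m.group(1),
                                 "zone": m.group(2), "expected": m.group(3)})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(FLATTENED)):
        print(finding)
```

The output only mirrors what HijackThis itself reported; whether an entry should be fixed remains the helper's call.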
Due to the lack of response to the thread, I will stop assisting on this thread. If you still need help, please PM me. ~Ltangel~