everytime i click on the internet explorer it directs me to theguardservices.com and informs me that i have an ip address (227.4.167.118) that can view all my files and folders, etc. i believe its the work of a trojan horse. i have found three torjans through using avg, ad-aware, and microsoft defender. i am stationed in iraq and i have no backup disk or start up disk so reinstalling windows is not an option, any advise or help would be greatly appreciated. tojan horse downloader.generics.sfj tojan horse downloader.generics.sbw tojan horse downloader.zlob.ye the following is my hijack this log file: Logfile of HijackThis v1.99.1 Scan saved at 8:11:54 PM, on 4/28/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5346.0005) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\dcomcfg.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Apoint\Apntex.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Documents and Settings\Arturo.REMY\Desktop\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpC8CE.tmp O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{45AC9F58-5A12-45B9-8AF5-7300C0C9CE70}: NameServer = 195.238.40.45,195.238.50.253 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Hi remy67s. You don't have a firewall on your computer. Download and install one firewall. These are good (free) firewalls: ZoneAlarm --> http://www.zonelabs.com Kerio--> http://www.sunbelt-software.com/Kerio.cfm Outpost-> http://www.agnitum.com Ok, you got some infections.... Cleaning instructions: Move HijackThis into its own folder C:\HJT Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www... R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www... O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip Unzip it (folder named SmitFraudFix) to your desktop: Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist) Post the contents of this textfile to here. (Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes) Then we'll continue the cleaning process.
i went into smitfraudfix.cmd and this is what came up: another window also popped up which the title is (C: WINDOWS/system32/cmd.exe) and it has a black background. Option Explicit Dim Shell Dim KeyPath Dim ObjFileSystem Dim ObjOutputFile Dim ObjRegExp Dim File Dim TmpVar Dim Var Dim Accent KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\" File = "SetPaths.bat" Set Shell = WScript.CreateObject("WScript.Shell") Set ObjFileSystem = CreateObject("Scripting.fileSystemObject") Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE) Set ObjRegExp = New RegExp Function ShortFileName(Path) Dim f Set f = ObjFileSystem.GetFolder(Path) ShortFileName = f.ShortPath End Function Function Accents(Str) ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]" ObjRegExp.IgnoreCase = True ObjRegExp.Global = True Accents = ObjRegExp.Replace(Str, "?") End Function TmpVar = Shell.RegRead (KeyPath & "Desktop") TmpVar = ShortFileName(TmpVar) Var = "Set desktop=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Favorites") TmpVar = ShortFileName(TmpVar) Var = "Set favorites=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Programs") TmpVar = ShortFileName(TmpVar) Var = "Set startprg=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Start Menu") TmpVar = ShortFileName(TmpVar) Var = "Set startm=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Startup") TmpVar = ShortFileName(TmpVar) Var = "Set startup=" & TmpVar ObjOutputFile.WriteLine(Var) KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\" TmpVar = Shell.RegRead (KeyPath & "Common Desktop") TmpVar = ShortFileName(TmpVar) Var = "Set audesktop=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Common Favorites") TmpVar = ShortFileName(TmpVar) Var = "Set aufavorites=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Common Programs") TmpVar = ShortFileName(TmpVar) Var = "Set austartprg=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Common Start Menu") TmpVar = ShortFileName(TmpVar) Var = "Set austartm=" & TmpVar ObjOutputFile.WriteLine(Var) TmpVar = Shell.RegRead (KeyPath & "Common Startup") TmpVar = ShortFileName(TmpVar) Var = "Set austartup=" & TmpVar ObjOutputFile.WriteLine(Var) ObjOutputFile.Close Set objFileSystem = Nothing Set Shell = Nothing Set ObjRegExp = nothing
Ok you need to run the file named smitfraudfix.cmd from the SmitfraudFix folder. See this picture -> http://siri.urz.free.fr/Fix/Bitmaps/Folder.png Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist) Post the contents of this textfile to here.
here is the file, please help this virus is annoying or whatever it is thanks. SmitFraudFix v2.37 Scan done at 16:27:20.56, Sun 04/30/2006 Run from C:\Documents and Settings\Arturo.REMY\Desktop\New Folder (2)\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arturo.REMY\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!! Attention, follow keys are not inevitably infected !!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain" [HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32] @="C:\WINDOWS\system32\twain32.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32] @="C:\WINDOWS\system32\twain32.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
Hi remy67s, Boot your computer to SAFEMODE. Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt. Send fresh hijack log too.
here is what i got: SmitFraudFix v2.37 Scan done at 16:33:54.84, Mon 05/01/2006 Run from C:\Documents and Settings\Arturo.REMY\Desktop\New Folder (2)\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp????.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\simpole.tlb Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\1024\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» End
here is the fresh hijack log: SmitFraudFix v2.37 Scan done at 16:47:38.59, Mon 05/01/2006 Run from C:\Documents and Settings\Arturo.REMY\Desktop\New Folder (2)\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arturo.REMY\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!! Attention, follow keys are not inevitably infected !!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
thank you again!!!! i have my homepage back and i have ran my avg, ad-aware, and microsoft scans three times since i did what you told me and i have not yet been informed by my scans that my laptop is infected with any viruses. i appreciate the help and i will let everyone in my battalion know about afterdawn.com. again i appreciate you helping me with this problem. thank you very much. sgt ramirez hq platoon witchdoctors rock!
