|
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Well - here it is guys: I previously posted my problem in a different thread in "Web Browser software" but was advised this was the way forward. My original thread read:
My problem here is Google. I Have this set as my homepage and I have the google toolbar installed. I was recently caught by the "Microsoft Privacy Centre" virus. I think I have eradicated this now. However, when i search for something in google and click on one of the results, there is a long pause and then I am taken to a random site - examples - search pro, Next Tag, The Click Check, Mooter, K-Directory, Main.exoclick.come, Live to Search to name but a few. If I then click "back" and select the same entry, it takes me to exactly where I wanted to be in the first place ! 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:41, on 10/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Scott Payne\Local Settings\Temporary Internet Files\Content.IE5\JEQZVG8P\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /M "Stylus Photo RX620" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Scott Payne\Desktop\WH GBP Casino.lnk
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Scott Payne\Desktop\WH GBP Casino.lnk
O9 - Extra button: Betdirect Poker - {6709727A-27C0-4822-ACF7-C572E1899CD6} - C:\Microgaming\Poker\betdirectMPP\MPPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Scott Payne\Desktop\WH GBP Casino.lnk (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Scott Payne\Desktop\WH GBP Casino.lnk (HKCU)
O9 - Extra button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - C:\Documents and Settings\Scott Payne\Desktop\Littlewoods Casino.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - C:\Documents and Settings\Scott Payne\Desktop\Littlewoods Casino.lnk (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127302174955
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftest/Prg/ESTPTest.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAE90DD7-D4E7-4362-9192-70D7359135C8}: NameServer = 85.255.112.173,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{C103D8B8-87C0-4673-A595-B1F15FEEBEF1}: NameServer = 193.36.79.100 80.10.246.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.173,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.173,85.255.112.122
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 13997 bytes
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a fresh HJT log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Then :-
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you don't know how to disable some of your security programs have a look :- HERE
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt and MBAM LOG along with a new HijackThis log for further review.
Please keep me informed about any changes to your problems during the different steps of the fix
FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya Bricat, thanks for swift response. I have dowloaded the programme but I am unable to open it to start the scan. It appears as an icon on my desktop but double clicking it or right click and open produces the egg timer for a split second and then nothing ?
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
right click on COMBOFIX and change it's name to COMBO-FIX.EXE
then try it again.
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
 
When the only tool you own is a hammer, every problem begins to look like a nail. 
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Combo fix ?????
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
in my last post i asked you to install MBAM and COMBOFIX.
i take it that you haven't installed combofix yet.
follow the last instructions, d/load combofix, but before you run it
right click on COMBOFIX and change it's name to COMBO-FIX.EXE
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya, no I didn't download Combofix because your post said to do this after I'd downloaded Malwarebytes and ran this - the problem being, it will not run ! Am I to miss out the first step and go str8 to Combofix then ?
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
run combofix first.
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya - I have downloaded combo, but I cannot run it :-( I have re-named it COMBO-FIX.EXE but still no joy !!
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
Then boot up in SAFE MODE and try combofix again.
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya Bricat, just after I posted my last message, my screen froze and I had to power off and on. When it reloaded, I tried it again and it worked - However, on completing the log, my desktop disappeared - is this normal - luckily, I saved a copy of the log to the desktop (probably would have been stored elsewhere as well I know) I again had to restart my system - don't know if this info helps ? Anyway here is the log:
ComboFix 09-06-12.02 - Scott Payne 12/06/2009 22:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\Scott Payne\Desktop\COMBO-FIX.EXe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Scott Payne\Application Data\PCenter
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\cg.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\mw.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\rd.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\sc.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\sm.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\dbases\sp.dat
c:\documents and settings\Scott Payne\Application Data\PCenter\keys\cg.key
c:\documents and settings\Scott Payne\Application Data\PCenter\keys\rd.key
c:\documents and settings\Scott Payne\Application Data\PCenter\keys\sc.key
c:\documents and settings\Scott Payne\Application Data\PCenter\keys\sp.key
c:\documents and settings\Scott Payne\Application Data\PCenter\temp\settings.ini
c:\documents and settings\Scott Payne\Application Data\PCenter\temp\spfilter
c:\windows\system32\Plugins
c:\windows\system32\drivers\gxvxcrnirqobltfumlxwbimxrbuntjixdqpqj.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcevjbkoqyibmwpoqhjeupklfrlaxqpxgw.dll
c:\windows\system32\gxvxcrrvkbgoypootxadiodjooyiuwswpyxxq.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\Plugins\colors_rgb.avsi
c:\windows\system32\Plugins\DirectShowSource.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.
2009-06-11 22:51 . 2009-06-11 22:51 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-11 18:02 . 2009-06-11 18:02 -------- dc----w- c:\program files\GSP
2009-06-10 19:52 . 2009-05-26 12:20 40160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 19:52 . 2009-06-10 19:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 19:52 . 2009-06-10 19:52 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 19:52 . 2009-05-26 12:19 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:57 . 2009-06-10 16:57 -------- dc----w- c:\program files\Trend Micro
2009-06-10 15:55 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 15:55 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 05:19 . 2009-06-12 07:32 -------- dc-h--w- C:\$AVG8.VAULT$
2009-06-09 23:35 . 2009-06-09 23:34 64160 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-09 23:30 . 2009-06-09 23:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 23:30 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-09 23:30 . 2009-06-09 23:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-09 23:30 . 2009-06-09 23:30 -------- dc----w- c:\program files\Lavasoft
2009-06-09 22:27 . 2009-06-09 22:27 152576 -c--a-w- c:\documents and settings\Scott Payne\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 22:25 . 2009-06-09 22:25 -------- dc----w- c:\program files\CCleaner
2009-06-09 00:05 . 2009-06-09 00:05 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-06-09 00:05 . 2009-06-09 00:05 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-09 00:05 . 2009-06-09 00:05 325896 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-09 00:05 . 2009-06-09 00:05 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-09 00:04 . 2009-06-12 16:55 -------- dc----w- c:\windows\system32\drivers\Avg
2009-06-09 00:04 . 2009-06-09 00:04 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 20:14 . 2009-06-08 20:14 91152 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 20:06 . 2009-06-08 20:06 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-08 13:17 . 2009-06-08 13:17 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2009-06-08 00:19 . 2009-06-08 00:19 -------- dc----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-06-07 23:54 . 2009-06-07 23:54 -------- dc----w- c:\program files\PlayAllDVD
2009-06-07 23:48 . 2009-06-07 23:48 -------- dc----w- c:\program files\SeekingAlpha
2009-06-07 23:47 . 2009-06-07 23:47 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-04 17:20 . 2009-06-04 17:20 -------- dcsh--w- c:\documents and settings\Scott Payne\PrivacIE
2009-06-04 17:00 . 2009-06-04 17:00 -------- dcsh--w- c:\documents and settings\Scott Payne\IETldCache
2009-06-04 16:41 . 2009-06-11 01:29 -------- dc----w- c:\windows\ie8updates
2009-06-04 16:39 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 16:34 . 2009-06-04 16:39 -------- dc-h--w- c:\windows\ie8
2009-06-03 21:02 . 2006-05-03 21:53 174592 -c--a-w- c:\windows\system32\framedyn.dll
2009-06-03 20:57 . 2006-07-24 15:05 5632 -c--a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-13 23:18 . 2009-05-13 23:20 152576 -c--a-w- c:\documents and settings\Scott Payne\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 20:45 . 2009-03-25 12:38 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-11 18:02 . 2004-07-06 08:05 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-06-09 23:25 . 2004-09-04 20:29 -------- dc----w- c:\documents and settings\Scott Payne\Application Data\Lavasoft
2009-06-09 23:22 . 2004-08-11 09:25 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-06-09 23:20 . 2004-08-11 09:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 22:32 . 2004-08-15 19:24 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 21:38 . 2004-08-11 09:22 -------- dc----w- c:\program files\SpywareBlaster
2009-06-04 19:25 . 2009-06-04 19:27 97280 -c--a-w- c:\windows\Internet Logs\xDBC.tmp
2009-06-03 21:21 . 2006-08-21 00:00 -------- dc----w- c:\documents and settings\Scott Payne\Application Data\Samsung
2009-06-03 20:57 . 2008-06-24 16:41 -------- dc----w- c:\program files\Samsung
2009-05-14 00:06 . 2006-06-05 23:52 -------- dc----w- c:\program files\WH £ Casino
2009-05-13 23:21 . 2004-07-06 08:02 -------- dc----w- c:\program files\Java
2009-05-13 05:15 . 2004-02-06 17:05 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-05-13 00:06 . 2009-05-13 07:15 1619456 -c--a-w- c:\windows\Internet Logs\xDB8.tmp
2009-05-07 15:32 . 2002-08-29 04:00 345600 -c--a-w- c:\windows\system32\localspl.dll
2009-04-23 21:13 . 2009-04-23 21:08 -------- dc----w- c:\documents and settings\Scott Payne\Application Data\Spotify
2009-04-23 21:08 . 2009-04-23 21:08 -------- dc----w- c:\program files\Spotify
2009-04-17 12:26 . 2002-08-29 04:00 1847168 -c--a-w- c:\windows\system32\win32k.sys
2009-04-16 08:07 . 2009-04-16 08:07 -------- dc----w- c:\documents and settings\Scott Payne\Application Data\Template
2009-04-15 14:51 . 2004-03-05 20:16 585216 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 19:52 . 2004-08-26 12:22 91152 -c--a-w- c:\documents and settings\Scott Payne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"FastTVSync"="c:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-09-04 241664]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-09 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-09 518488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
InterVideo Scheduler server.lnk - c:\program files\InterVideo\WinDVD4PR\SchSvr.exe [2004-8-5 135168]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-8-5 131072]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-09 00:05 11952 -c--a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/06/2009 00:35 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [09/06/2009 01:05 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [09/06/2009 01:05 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [09/06/2009 01:04 298776]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1005904]
S3 naecd;naecd;\??\c:\docume~1\SCOTTP~1\LOCALS~1\Temp\naecd.sys --> c:\docume~1\SCOTTP~1\LOCALS~1\Temp\naecd.sys [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\SYSTEM32\DRIVERS\sea1bus.sys [24/11/2007 18:37 61536]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2004-08-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=iCuQtDBPVBTF2UKSbLl66g&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{37236812-C1A2-4529-A9CE-CFE04E3DF08A} - c:\documents and settings\Scott Payne\Desktop\WH GBP Casino.lnk
IE: {{6709727A-27C0-4822-ACF7-C572E1899CD6} - c:\microgaming\Poker\betdirectMPP\MPPoker.exe
Trusted Zone: nationet.com\olb2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} - hxxp://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://flashcasino.ladbrokes.com/instant-play-en/FlashAX2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 23:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX620 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /M "Stylus Photo RX620" /EF "HKCU"??????????????????????????????p???g??w0??w????*??w???w????O??w??&???????????????Y????w????????????????????T???????????g??w???w???????w???w??Y????????????w???????????????????????????????|??????????Y?????????????O??ws??w???w'??w??&???????????)?????????8???????????N???????4????a?w??&?????????????????????????????T????b?w?????????????H??????????????h??w????????????z??w????????8???????????`??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-12 23:06
ComboFix-quarantined-files.txt 2009-06-12 22:06
Pre-Run: 11,433,480,192 bytes free
Post-Run: 11,713,839,104 bytes free
203 --- E O F --- 2009-06-11 01:29
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
How's it running now ?
it looks like combofix found it all.
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya - it seems to be running fine - I noticed it deleted a few PCentre entries :-). Really appreciate all your help - I will be making that Paypal donation.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Doh ! I've just been into my email (Outlook Express) and my email account doesn't exist ?
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
see how you go after this
just some tidying up to do.
Click START then RUN
Now type Combofix /u in the runbox and click OK
The above procedure will:
- Delete the following:[list]
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.[/list]
Then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies"
Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
Leave the system section at default.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
HOW DID I GET INFECTED
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
scottgolf
new user
Reg'd: Fri
Posts: 23
|
|
Hiya - Right then - the PC itself seems to be running OK - certainly better than it was, however:
- when I click the IE icon in quicklaunch it takes a few minutes before advising unable to connect. I then have to press "start" "connect to" and select my internet connection. I then click google on the toolbar and page loads fine. Subsequent clicking on IE icon in quicklaunch provides me with a new window no problem ?
- If the PC is left with no activity for say 10 minutes and I come back to it and click a link from the site I was previously in, it hangs for a minute or so and then says connection problem - the internet connection icon in the bottom right is fine and hover over it and it shows connected. I have to right click on it and disconnect and then go "start" "connect to" and select internet connection again - then if I go back and reselect the link I previously asked for there is no problem it loads straight away ?
- My email account still doesn't show in Outlook Express ?
Appreciate all your help here Bricat but this is just annoying now I know I'm rid of what caused the problem in the 1st place
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
I'm not sure what is going on there.
you might be better posting a question in the general pc forum, or the web browser forum where some of the more techie members should be able to help you.
good luck.
--------------------
IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
