Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With A Trojan? System Error Pop-up


  • This topic is locked This topic is locked
20 replies to this topic

#1 madec68

madec68

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 31 January 2008 - 10:16 PM

I've been getting a System Error pop-up that reads:Your computer was infected by an unknown Trojan. It's dangerous for your system (critical files can be lost)! Click ok to download the antispyware program to clean your system. (Recommended) There was an icon on my taskbar that looked like the windows update icon and when I clicked on it I was taken to a site for Virus Heal. The icon is gone but I'm still getting this pop-up continually. I have AT&T Anti virus Suite which includes antispyware, and a firewall. I've downloaded and ran all of the programs listed on the page concerning what to do before you post a Hijackthis log. I'm going insane, PLEASE HELP. Thank you Madec68. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:37 PM, on 1/31/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Video decompressor - {490BE71A-AAA4-4616-B6C8-4847CA2972D0} - C:\WINNT\pandsf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AntiSpywareSuite\bm.exe" dm=http://antispywaresuite.com ad=http://antispywaresuite.com sd=http://ykeeper.antispywaresuite.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: MostFun.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk.disabled
O8 - Extra context menu item: &Search - ?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://pbells.broadjump.com/wizlet/iw60/st...aller_4-0-0.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192568344890
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://pbells.broadjump.com/wizlet/iw60/st...flowActiveX.CAB
O22 - SharedTaskScheduler: ficklety - {e31f5c72-8e0d-4921-8375-9573746c170c} - (no file)
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINNT\system32\shlahsd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 8452 bytes
Thank you, Madec68

BC AdBot (Login to Remove)

 


m

#2 EnigmaChick

EnigmaChick

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:08:13 PM

Posted 01 February 2008 - 07:00 AM

Hello and Welcome to Bleeping Computer.

I'm EnigmaChick and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions.
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting.

A Malware Fighting Tiger's Blog


#3 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 01 February 2008 - 01:44 PM

Thank you Enigma Chick, look forward to hearing from you.

#4 EnigmaChick

EnigmaChick

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:08:13 PM

Posted 02 February 2008 - 12:48 PM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double Click SmitfraudFix.exe on your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

Please reboot and post a new HijackThis(HJT log.

Logs to include in your reply
SmitfraudFix
HJT

I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting.

A Malware Fighting Tiger's Blog


#5 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 03 February 2008 - 06:08 PM

Dear EnigmaChick I did as instucted and here are the logs.

Attached Files



#6 EnigmaChick

EnigmaChick

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:08:13 PM

Posted 04 February 2008 - 06:20 AM

Please either print or save these instructions to Notepad because you wont have Internet access in Safe Mode.

Please refrain from uploading and attaching logs to your replies in future, instead please just copy and paste them into your reply.

Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Posted Image


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Please reboot into Normal Mode and post a new HJT log.

Logs to include in your reply
SmitfraudFix
HJT

I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting.

A Malware Fighting Tiger's Blog


#7 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 04 February 2008 - 04:28 PM

I did as you instucted but I'm unable to paste the logs. I can copy them but when I try to paste them in here the paste option isn't there. Madec68

#8 EnigmaChick

EnigmaChick

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:08:13 PM

Posted 07 February 2008 - 04:49 PM

Please open C:\rapport.txt and try to save the contents by pressing Ctrl & c simultaneously. Then try to paste the contents in a reply by pressing Ctrl & v simultaneously. If this works then please run post a new HJT log and use the same method to post its log into your reply. If this method for copying and pasting doesn't work then please attach C:\rapport.txt and attach your a new HJT log to your reply.
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting.

A Malware Fighting Tiger's Blog


#9 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 08 February 2008 - 06:03 PM

OK here it is. I still couldn't paste so here is the attachments.

Attached Files



#10 EnigmaChick

EnigmaChick

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:08:13 PM

Posted 10 February 2008 - 12:46 PM

Please download ComboFix by sUBs from HERE or HERE

You must download it to your Desktop

Go to Posted Image -> Run -> paste in the following single line command & click OK


"%userprofile%\desktop\combofix.exe" /killall



Posted Image

ComboFix will automatically start, any monitoring programs will be shut down like your antivirus, antispyware programs for example.

ComboFix may restart your computer, this is normal.

When finished, it will produce a log. Please save its log to post in your next reply .

Note:
Do not mouse-click Combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If ComboFix didn't restart your computer, please reboot it now.

Post a new HJT log and let me know how your computer is going.

Logs to include in your reply
ComboFix
HJT

I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting.

A Malware Fighting Tiger's Blog


#11 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 11 February 2008 - 04:39 PM

Thanks so much for your help, everything seems fine now.

Attached Files



#12 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,714 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:13 AM

Posted 15 February 2008 - 07:23 PM

Hi madec68 :thumbsup:
I'll step in for EnigmaChick, to continue helping you.

First I'd like you to disable Spybot's Tea Timer, it's a good application, but it will try to interfere with our 'fix'.
Tutorial
http://russelltexas.com/malware/teatimer.htm

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box and Uncheck Resident.
Click Allow Change box.
Look at the right hand corner of the screen to see if the icon for Spybot resident is still there. If it is, click it and choose exit.

Now,

Please rescan with HJT. Place a check mark next to these items:

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AntiSpywareSuite\bm.exe" dm=http://antispywaresuite.com ad=http://antispywaresuite.com sd=http://ykeeper.antispywaresuite.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk.disabled

O8 - Extra context menu item: &Search - ?p=ZCxdm565YYUS

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O22 - SharedTaskScheduler: (no name) - {e31f5c72-8e0d-4921-8375-9573746c170c} - (no file)
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINNT\system32\shlahsd.dll (file missing)


Close all windows except HJT, the click "fix checked".

Exit HJT and go to your Control Panel > Add/Remove Programs and remove the following:

AntiSpywareSuite <--See link!
http://research.sunbelt-software.com/threa...threatid=194595
MostFunPlayer <-- optional, see link
http://www.prevx.com/filenames/87532518517...OSTFUN.EXE.html
Video Add-on
PokerStars
Empire Poker
<-- optional, but malware is attracted to these types of programs
ZoneAlarmSB/ or SpyBlock

If you have uninstalled these programs, then using Windows Explorer, navigate to and delete these folders:

C:\Program Files\MostFun or MostFunPlayer
C:\Program Files\Video Add-on
C:\Program Files\ZoneAlarmSB\bar ...DO NOT delete the Folder --> ZoneLabs or ZoneAlarm! (just the SpyBlock bar)
C:\Program Files\Common Files\AntiSpywareSuite
C:\Program Files\AntiSpywareSuite

Next, open 'run' and type cleanmgr in the box. Click OK.
Clean all temps

Now reboot/restart your machine normally.

Please run an online scan with BitDefender http://www.bitdefender.com/scan8/ie.html
BitDefender Online Scanner pops up in a separate window, so if you have a pop-up blocker, you'll have to disable or allow this window to open.

Once the scan is ended, press Click here to view the report to see
the scanning results.

Save the report, as .txt then copy and paste it in your next reply (or attach), along with a fresh copy of HJT.

edited out bad link ~ Jacee ~

Edited by Jacee, 22 February 2008 - 06:12 PM.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#13 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 21 February 2008 - 10:23 PM

I did as instructed but I cannot access the link to download the RestTeaTimer.bat

#14 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,714 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:13 AM

Posted 22 February 2008 - 06:10 PM

I'm sorry madec68, that's my fault. The link is no good and I should have deleted it :thumbsup:

If you have done all of the above, will you please post the bitdefender .txt and a fresh HJT log.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#15 madec68

madec68
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:13 AM

Posted 22 February 2008 - 06:30 PM

I would like to finish what you've told me to do but I am unable to access the Add/Remove programs. I've tried everything I know to do, but it still won't work.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users